Need help in configuring filebeat 8.9 on windows server 2012 R2

Hi All,

First time implementing filebeat 8.9 on windows to pick files from Samba share and send it to Elasticsearch. The netwoek firewall rules has been allowed and telnet is also happening from windows server. We are getting below error while running the setup.

Overwriting ILM policy is disabled. Set setup.ilm.overwrite: true for enabling.

Exiting: failed to check for policy name 'filebeat': (status=401) {"Message":"Your request: '/_ilm/policy/filebeat' is n
ot allowed."}: 401 Unauthorized: {"Message":"Your request: '/_ilm/policy/filebeat' is not allowed."}

Also we are unable to restart the filebeat services. Below is the configuration

filebeat.inputs:

  • type: filestream
    id: my-filestream-id
    enabled: true
    prospectors:

    paths:
    • \samba share\logs*.log

output.elasticsearch:
bulk_max_size: 10
hosts: ['awshost']
ilm.enabled: auto
indices:

  • index: universe-logs-%{+yyyy}-w%{+ww}
    setup.ilm.enabled: false

Logging:
json: true
level: error
to_files: true
files:
path: \samba share\logs*.log
name: filebeat.log
keepfiles: 7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.