Need help in configuring filebeat 8.9 on windows server 2012 R2

Hi All,

First time implementing filebeat 8.9 on windows to pick files from Samba share and send it to Elasticsearch. The netwoek firewall rules has been allowed and telnet is also happening from windows server. We are getting below error while running the setup.

Overwriting ILM policy is disabled. Set setup.ilm.overwrite: true for enabling.

Exiting: failed to check for policy name 'filebeat': (status=401) {"Message":"Your request: '/_ilm/policy/filebeat' is n
ot allowed."}: 401 Unauthorized: {"Message":"Your request: '/_ilm/policy/filebeat' is not allowed."}

Also we are unable to restart the filebeat services. Below is the configuration


  • type: filestream
    id: my-filestream-id
    enabled: true

    • \samba share\logs*.log

bulk_max_size: 10
hosts: ['awshost']
ilm.enabled: auto

  • index: universe-logs-%{+yyyy}-w%{+ww}
    setup.ilm.enabled: false

json: true
level: error
to_files: true
path: \samba share\logs*.log
name: filebeat.log
keepfiles: 7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.