NXLog and shield on elastic cloud

Hi
I am trying to send logs from my Windows machine, using NXlog CE to Elastic Cloud, but could not authorize on endpoint, protected by shield.
When I add following record:

<Output elasticsearch>
    Module      om_http
    URL         http://my_cloud_endpoint.found.io:9200/
    ContentType application/json
    Exec        set_http_request_path(strftime($EventTime, "/nxlog-%Y%m%d/" + $SourceModuleName)); rename_field("timestamp","@timestamp"); to_json();
</Output>

I receive 401 Not authorized

When I add same URL as I use to post via cURL

<Output elasticsearch>
    Module      om_http
    URL         http://userName:password@my_cloud_endpoint.found.io:9200/
    ContentType application/json
    Exec        set_http_request_path(strftime($EventTime, "/nxlog-%Y%m%d/" + $SourceModuleName)); rename_field("timestamp","@timestamp"); to_json();
</Output>

I receive 2016-04-13 09:03:10 ERROR apr_sockaddr_info failed for userName:p; No such host is known.

Can you help me in feeding my logs to ElasticSearch?

Why not use file or winlogbeat instead?

Can you work it out, please? I am very newbie to this :frowning: and, looks like I am missing some really obvious points

I don't know nxlog, it's been a long time since I used it, which is why I mentioned filebeat and winlogbeat.
They are built and supported by us so you will have an easier time in integrating then.

Ah, yes, I see now :slight_smile:
Beats you mean this one: https://www.elastic.co/downloads/beats/winlogbeat
Ok, I will give it a try
Thanks for guiding

JFYI: Elasticsearch module is not a feature in nxlog CE, you must use the enterprise edition.

Thank you, I saw it

I am trying to have several indexes - one fed by WinBeat, second on fed by FileBeat. Is it actually possible?

Yes, you need to use conditionals or variables with Logstash.

It might be a better question for the Logstash category though.

And here is a problem -- https://cloud.elastic.co does not have Logstash. Or maybe I miss something?

No, you need do manage that yourself at the moment.

Ahh... It's a pity. I am seeking for solution which will allow me to show developers raw log stream, and perform analytical tasks on this stream later. It seems that elasctic cloud does not fit into this, or am I missing something again?

It's not really the way the stack works, it's more around doing upfront definition to make the following analysis more efficient.