Hi, I could use some advice. I'm a newbee on filebeat and could use your help.
I'm trying to send IIS log files with filebeat to ElasticSearch. But it's not working as how I would like it to do. 
I've a problem with Filebeat not sending messages to an AWS ES when using the IIS module.
ES on AWS is a service based solution and we're not able to install the ingest-geoip plugin on it.
Also we're not interested is the geographical features. We are interested in the urls's especially.
Our setup is like this:
IIS webservice (Windows Server 2012) --> Filebeat 6.6.0 --> ES (AWS) 5.6.8
I've ran the setup step. This step creates the filebeat index. I also see that the fields that I need are created but these fields are not populated by filebeat.
The connection to ES does not give an error. The template is also created.
But when I start filebeat I get the following error:
ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(https://logging.phoenix.wehkamp.prod.blaze.ps:443)):
Connection marked as failed because the onConnect callback failed: Error loading
pipeline for fileset iis/access: This module requires the following Elasticsearch plugins: ingest-geoip. You can install them by running the following commands on all the Elasticsearch nodes:
sudo bin/elasticsearch-plugin install ingest-geoip
Is there a way to use the IIS module logic without the ingest-geoip plugin?
Or do we need to implement it in another way?
Below is my config file:
filebeat.inputs:
#- type: log
# enabled: true
# paths:
# - 'C:\inetpub\logs\LogFiles\W3SVC1\*.log'
filebeat.config:
#inputs:
#enabled: false
#path: inputs.d/*.yml
#reload.enabled: true
#reload.period: 10s
modules:
enabled: true
path: modules.d/*.yml
#reload.enabled: true
#reload.period: 10s
output.elasticsearch:
hosts: ["https://SERVER:443"]
protocol: "https"