Hi, I could use some advice. I'm a newbie on Filebeat and could use your help.
I'm trying to send IIS log files with Filebeat to Elasticsearch, but it's not working the way I would like it to.
I've a problem with Filebeat not sending messages to an AWS ES when using the IIS module.
ES on AWS is a service-based solution and we're not able to install the ingest-geoip plugin on it.
Also, we're not interested in the geographical features. We are especially interested in the URLs.
Our setup is like this:
IIS webservice (Windows Server 2012) --> Filebeat 6.6.0 --> ES (AWS) 5.6.8
I've run the setup step. This step creates the filebeat index. I also see that the fields that I need are created, but these fields are not populated by Filebeat.
The connection to ES does not give an error. The template is also created.
But when I start filebeat I get the following error:
ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(https://logging.phoenix.wehkamp.prod.blaze.ps:443)): Connection marked as failed because the onConnect callback failed: Error loading pipeline for fileset iis/access: This module requires the following Elasticsearch plugins: ingest-geoip. You can install them by running the following commands on all the Elasticsearch nodes: sudo bin/elasticsearch-plugin install ingest-geoip
Is there a way to use the IIS module logic without the ingest-geoip plugin?
Or do we need to implement it in another way?
Below is my config file:
```yaml
filebeat.inputs:
#- type: log
#  enabled: true
#  paths:
#    - 'C:\inetpub\logs\LogFiles\W3SVC1\*.log'

filebeat.config:
  #inputs:
    #enabled: false
    #path: inputs.d/*.yml
    #reload.enabled: true
    #reload.period: 10s
  modules:
    enabled: true
    path: modules.d/*.yml
    #reload.enabled: true
    #reload.period: 10s

output.elasticsearch:
  hosts: ["https://SERVER:443"]
  protocol: "https"
```