Solved: Logstash Is Receiving Data From Winlogbeat But Isn't Showing In Kibana

EDIT: I have found a solution to the problem so I am going to post it here just in case anyone else runs into the same issue. The thing that was missing from my config file was a way to specify the index. I don't understand why this fixes it yet but I added a line to the config file and it is working now. The line can be seen below.

index => "%{[@metadata][beat]}-%{[@metadata][version]}"

This line should be added to the config file. The full config file with the change can be seen below:

input {
    beats {
        port => "5044"
    }
}

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        # Name the index after the sending beat and its version
        index => "%{[@metadata][beat]}-%{[@metadata][version]}"
    }
    stdout { codec => rubydebug }
}

Original Question / Post Can Be Seen Below:

Hello

I am a beginner and am currently trying to get the ELK stack working. My current setup includes a Windows machine that is running an Ubuntu virtual machine. The Windows machine has Winlogbeat running on it and the Ubuntu machine has Elasticsearch, Kibana, and Logstash. My goal is to get data flowing through all of the pieces without issues. This was working just fine until I tried introducing Logstash.

For reference, this is my Logstash config file:

input {
    beats {
        port => "5044"
    }
}

output {
    elasticsearch {
        hosts => ["localhost:9200"]
    }
    stdout { codec => rubydebug }
}

To my understanding, this config file will take in beats information and output that to both stdout and elasticsearch. I configured my Winlogbeat to send data to this port and Logstash is receiving it just fine. I know this because it prints this out to the console (this isn't the full output; I omitted the majority of it for brevity):

      "@version" => "1",
    "@timestamp" => 2021-06-23T17:10:36.359Z,
           "log" => {
        "level" => "information"
    },
          "tags" => [
        [0] "beats_input_codec_plain_applied"
    ],
       "message" => "Successfully scheduled Software Protection service for re-start at 2121-05-30T17:10:36Z. Reason: RulesEngine."

I have been working at this issue for quite some time and just can't seem to figure out why I am unable to see my data in Kibana. I have tried quite a few things including this tutorial: Getting Started With Winlogbeat | Winlogbeat Reference [6.8] | Elastic
When I wasn't using Logstash and was sending the beat data directly to Kibana it was working perfectly. I can post whatever .yml, log, or config files needed and any help is greatly appreciated.

Thanks,
Jared
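
The following is an added example, not part of the original post and not Logstash code: a simplified Python model of how Logstash expands `%{...}` references in the `index` setting, applied to a constructed event, with a check of whether the resulting index name would match a Kibana index pattern. Assumptions: the Kibana index pattern is `winlogbeat-*`, the output's default index is `logstash-%{+YYYY.MM.dd}` (this depends on the plugin version and ILM settings), the version value is a placeholder, and `resolve` and `visible` are hypothetical helper names.

```python
import re
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Constructed sample event; the version value is a placeholder, not from the post.
EVENT = {
    "@timestamp": datetime(2021, 6, 23, 17, 10, 36, tzinfo=timezone.utc),
    "@metadata": {"beat": "winlogbeat", "version": "0.0.0"},
}

REF = re.compile(r"%\{([^}]*)\}")  # only closed %{...} references are expanded
JODA = (("YYYY", "%Y"), ("MM", "%m"), ("dd", "%d"))  # the only date tokens modelled

TEMPLATES = {
    "no index set (assumed default)": "logstash-%{+YYYY.MM.dd}",
    "index set from beat metadata": "%{[@metadata][beat]}-%{[@metadata][version]}",
    "closing brace missing": "%{[@metadata][beat]}-%{[@metadata][version]",
}


def resolve(template, event):
    """Simplified model of sprintf expansion for an index setting."""
    def expand(match):
        ref = match.group(1)
        if ref.startswith("+"):  # %{+YYYY.MM.dd}: format the event timestamp
            fmt = ref[1:]
            for joda, strf in JODA:
                fmt = fmt.replace(joda, strf)
            return event["@timestamp"].strftime(fmt)
        keys = re.findall(r"\[([^\]]+)\]", ref) or [ref]
        value = event
        for key in keys:
            if not isinstance(value, dict) or key not in value:
                return match.group(0)  # unknown field: the reference stays literal
            value = value[key]
        return str(value)
    return REF.sub(expand, template)


def visible(index_name, kibana_pattern="winlogbeat-*"):
    """True if the (assumed) Kibana index pattern would pick up this index."""
    return fnmatchcase(index_name, kibana_pattern)


if __name__ == "__main__":
    for label, template in TEMPLATES.items():
        name = resolve(template, EVENT)
        print(f"{label:32} -> {name:36} visible={visible(name)}")
```

On a live stack, the index names the events actually landed in can be listed with Elasticsearch's `_cat/indices` API and compared with the index pattern defined in Kibana.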
