Trying to add windows winlogbeat and the standard dashboards, but dashboards are empty

fribse · June 1, 2022, 9:49am

Hi All
After rebuilding the entire elastic stack to 7.16.3 currently, I wanted to expand the elastic to also monitor our windows servers.

I have a winlogbeat config that looks like this:

winlogbeat.event_logs:
  - name: Security
    fields:
      logtype: winlogbeat
  - name: Application
    fields:
      logtype: winlogbeat
  - name: System
    fields:
      logtype: winlogbeat

setup.template.settings:
  index.number_of_shards: 2

output.logstash:
  hosts: ["logstash.onead.dk:5000"]

My logstash pipeline config looks like this:

input {
        beats {
                port => 5000
                ecs_compatibility => disabled
        }
        syslog {
        }
}

#############################################
#  Winlogbeat does not require processing   #
#############################################
...
output {
  elasticsearch {
    hosts => "https://elasticsearch:9200"
      index => "%{[fields][logtype]}-%{[@metadata][version]}-%{+YYYY.MM}"
      document_type => "%{[@metadata][type]}"
      cacert => "/usr/share/logstash/config/certs/ca/ca.crt"
      user => XXX
      password => XXX
  }
}

I can see data flowing nicely into elastic

but when I open the dashboards that are installed as per default, most of them are empty.
What did I do wrong?

sudhagar_ramesh · June 1, 2022, 10:49am

Hello @fribse

Please execute this below command to load the default dashboards

./winlogbeat setup --dashboards

For more information, refer this below link

sudhagar_ramesh · June 2, 2022, 11:38am

Hello @fribse

is the default dashboards loaded now with the beats data using the above command

sudhagar_ramesh · June 13, 2022, 8:23am

Hello @fribse

Able to load the standard dashboards with your inputs??

Keep Posted !!! Thanks !!!

system · July 11, 2022, 8:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.