Hello, I've just installed GrayLog + Elasticsearch and I need to collect Windows logs from a Windows machine. I installed WinLogBeat following these instructions: [Grant access using API keys | Winlogbeat Reference [8.5] | Elastic](https://Create an API key for publishing).
But when I try to run curl to set the API key:
```
curl -X POST "localhost:9200/_security/api_key?pretty" -H 'Content-Type: application/json' -d'
{
  "name": "winlogbeat_host001",
  "role_descriptors": {
    "winlogbeat_writer": {
      "cluster": ["monitor", "read_ilm", "read_pipeline"],
      "index": [
        {
          "names": ["winlogbeat-*"],
          "privileges": ["view_index_metadata", "create_doc"]
        }
      ]
    }
  }
}
'
```
I get the following error:
```
{
  "error" : {
    "root_cause" : [
      {
        "type" : "index_not_found_exception",
        "reason" : "no such index [_security]",
        "resource.type" : "index_expression",
        "resource.id" : "_security",
        "index_uuid" : "_na_",
        "index" : "_security"
      }
    ],
    "type" : "index_not_found_exception",
    "reason" : "no such index [_security]",
    "resource.type" : "index_expression",
    "resource.id" : "_security",
    "index_uuid" : "_na_",
    "index" : "_security"
  },
  "status" : 404
}
```
I faithfully followed the installation instructions on the Graylog pages: Debian installation - Installing Graylog
My OS: Debian 11.5 - Elasticsearch-Oss v. 7.17 - GrayLog v. 4.3
I didn't delete or uninstall anything. It's a fresh installation.
Thank you all
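
An added example, not part of the original post: the 404 above names `_security` itself as a missing index, which is how a node answers when the security API is not present and the path segment is read as an index name; the OSS distribution of Elasticsearch does not ship that API. The sketch below checks both signals offline, using the `version.build_flavor` field of a `GET /` response. The sample bodies are constructed and the function names are hypothetical.

```python
import json

# Constructed sample of the JSON a node returns for `GET /`
# (trimmed; the version string is a placeholder, not taken from the post).
SAMPLE_ROOT = '{"name": "node-1", "version": {"number": "7.x.x", "build_flavor": "oss"}}'

# Constructed error body in the shape shown in the post (trimmed).
SAMPLE_ERROR = json.dumps({
    "error": {
        "type": "index_not_found_exception",
        "reason": "no such index [_security]",
        "index": "_security",
    },
    "status": 404,
})

def build_flavor(root_body: str) -> str:
    """Return version.build_flavor from a `GET /` response, or 'unknown'."""
    try:
        return json.loads(root_body).get("version", {}).get("build_flavor", "unknown")
    except (ValueError, AttributeError):
        return "unknown"


def api_path_read_as_index(error_body: str, api_prefix: str = "_security") -> bool:
    """True when a 404 names the API prefix itself as the missing index."""
    try:
        doc = json.loads(error_body)
    except ValueError:
        return False
    err = doc.get("error") if isinstance(doc, dict) else None
    if not isinstance(err, dict):
        return False
    return (doc.get("status") == 404
            and err.get("type") == "index_not_found_exception"
            and err.get("index") == api_prefix)


def diagnose(root_body: str, error_body: str) -> str:
    """Combine both signals into one of three outcomes."""
    if not api_path_read_as_index(error_body):
        return "other-error"
    if build_flavor(root_body) == "oss":
        return "security-api-absent-oss-build"
    return "security-api-not-handled"

if __name__ == "__main__":
    print(diagnose(SAMPLE_ROOT, SAMPLE_ERROR))
```

To run it against a live node, pass the body of `curl -s localhost:9200/` as `root_body` and the failed request's response as `error_body`.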