The steps I took are as follows:
- Ran PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-filebeat.ps1
- In the filebeat.yml and filebeat.full.yml files, I changed output.elasticsearch hosts ["localhost:9200"] to ["host IP address:9200"]. I'm not going through Logstash so I left that part unchanged.
- I'm attempting to use the file.template.json file, so I have left this unchanged.
- Started the service with Start-Service filebeat, which I confirm starts successfully.
- Because this VM is offline and there is no way it could go online, I downloaded beats-dashboards-5.4.0.zip and put it in the following directory: c:\ELK-Stack\filebeat\scripts\
- I run the following command: .\scripts\import_dashboards -file c:\ELK-Stack\filebeat\scripts\beats-dashboards-5.4.0.zip -es http://ip of my ES host:9200
- An extract of the above results is in the image below:
- Restart the ES, Kibana and filebeat services.
- Open Kibana and wait for around 2 minutes and then go into management.
- Try to refresh the filebeat mapping and get the error as seen in my first post.
I hope this answers your question regarding the steps I took. Am I missing something or doing something wrong?
Worth pointing out that Winlogbeat and Packetbeat are working well.
Hope you or someone else can assist!
Thanks
BMV