[Winlogbeat 7.10.1 dashboards]: could not locate some index pattern fields

Elastic Stack Beats
#1

Hello,

I am using Elasticsearch, kibana and winlogbeat, all version 7.10.1

I configured winlogbeat and run: .\winlogbeat.exe setup -e and I had no error in my winlogbeat logs, but in kibana there are some dashboards working and some of them I am getting errors:

Could not locate that index-pattern-field (id: powershell.connected_user.name)
Could not locate that index-pattern-field (id: powershell.engine.version)
Could not locate that index-pattern-field (id: powershell.command.name)
Could not locate that index-pattern-field (id: powershell.provider.name)

image
image1833×898 90.6 KB

image
image1837×910 74 KB

Could you tell please how to solve these errors

Thanks

[Winlogbeat 7.10.1 dashboards]: could not locate some index pattern fields
[Winlogbeat 7.10.1 dashboards]: could not locate some index pattern fields
#2

Having same issue here, did you managed to solve this out? Please let me no.

Regards,

#3

Hi @ethical20,

Till now I didn't find out how to solve this errors, I will keep you updated if I find something
It could be cause I am not running powershell command in my machines, but in this case it should display 0 and not error, so a little bit confusing

Best regards

#4

Thanks @Abdelhalim

Have you tried to rerun this .\winlogbeat.exe setup -e as listed here :

https://www.elastic.co/guide/en/beats/filebeat/current/could-not-locate-index-pattern.html

I couldn't manage to rerun this as it needs direct connection to elasticsearch and not logstash which is something I'm having trouble with. So if this run from your side with no errors please let me know.

Also I found this where we can add them manually, but honestly am not expert in this and I'm afraid to break things up.

https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-put-mapping.html

Good Luck.

Regards,

#5

I already tried .\winlogbeat.exe setup -e as I mentionned it in my first post, it worked correctly and I hadn't any error in my logs, the only problem is in the dashboards.

I couldn't understand why you couldn't run again the command ! if you have some errors in your logs, you can show them, and maybe I can help you

#6

update: I was able to run the command again , ingested the template and Kibana dashboards but unfortunately this didn't solve the main issue.

Still the number of fields in the index pattern the same with missing ones!

image
image1341×673 32.3 KB

#7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.