I am using Elasticsearch, Kibana and Winlogbeat, all version 7.10.1.
I configured Winlogbeat and ran: .\winlogbeat.exe setup -e and I had no errors in my Winlogbeat logs, but in Kibana some dashboards are working and for some of them I am getting errors:
Could not locate that index-pattern-field (id: powershell.connected_user.name)
Could not locate that index-pattern-field (id: powershell.engine.version)
Could not locate that index-pattern-field (id: powershell.command.name)
Could not locate that index-pattern-field (id: powershell.provider.name)
So far I haven't found out how to solve these errors. I will keep you updated if I find something.
It could be because I am not running PowerShell commands on my machines, but in that case it should display 0 and not an error, so it's a little bit confusing.
I couldn't manage to rerun this, as it needs a direct connection to Elasticsearch and not Logstash, which is something I'm having trouble with. So if this runs from your side with no errors, please let me know.
Also, I found this where we can add them manually, but honestly I am not an expert in this and I'm afraid to break things.
I already tried .\winlogbeat.exe setup -e, as I mentioned in my first post. It worked correctly and I didn't have any errors in my logs; the only problem is in the dashboards.
I couldn't understand why you couldn't run the command again! If you have some errors in your logs, you can show them, and maybe I can help you.