I am using Elasticsearch, Kibana, Logstash, and winlogbeat, all version 7.10.1.
I configured winlogbeat and ran: .\winlogbeat.exe setup -e and I had no errors in my winlogbeat logs, but in Kibana some dashboards are working and on some of them I am getting errors:
Could not locate that index-pattern-field (id: powershell.connected_user.name)
Could not locate that index-pattern-field (id: powershell.command.name)
The issue here is that the fields are not found in the index pattern.
I think you need to click the refresh button on your Kibana index pattern. If I remember correctly, this is not automatically done with the setup command. Index patterns will automatically refresh starting in 7.11, but not yet.
If you refreshed your index pattern and it's still missing fields, then that means you have a more basic problem. Are you sure that winlogbeat is set up correctly? Have you validated that you are seeing data from winlogbeat in Elasticsearch?
Okay, I see. Maybe the built-in dashboards are buggy, or maybe there is a bug in the winlogbeat collection of data. I think asking in the Beats forum like the one you posted will be the right place to look for help.