Hi everyone,
I have a little problem here. I decided to update from the version 6.8.4 to the version 7.17.7. The installation of winlogbeat went well but then it says in the logs that the connexion to Kafka is established but nothing else, it doesn’t push the new events to Kafka. When I revert back to 6.8.4, it works again, I can see the events are getting pushed to Kafka. I use the exact same winlogbeat.yml configuration file in both version.
What am I missing here?
Thanks in advance 
Please share your winlogbeat.yml file.
Sure, there you go:
winlogbeat.event_logs:
- name: Application
ignore_older: 72h
level: critical, error, warning, information
tags: ["system"]
include_xml: true
- name: Security
ignore_older: 72h
level: critical, error, warning, information
tags: ["system"]
include_xml: true
- name: Setup
ignore_older: 72h
level: critical, error, warning, information
tags: ["system"]
include_xml: true
- name: System
ignore_older: 72h
level: critical, error, warning, information
tags: ["system"]
output.kafka:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["mykafkaserver:9092"]
topic: logstash-windows-events
logging.metrics.enabled: false
Anybody have an idea? It still not works.
Thanks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.