Hi Guys, i had a problems while config the winlogbeat.yml file in Winlogbeat folder to make it send log to Logstash but it came back with the above errors, so i hop someone that have the similar problem to me can solve this, thanks
Hey @Vi_Hung_Tr_n welcome to discuss 
This looks like a problem with the winlogbeat.yml configuration file, could you share it?
1 Like
Hi Jaime, thanks for reply my problem.
Sorry for replying you so late
Here is my winlogbeat.yml file on my Windows server 2008 R2 Host:
i only change the logstash host ip into my ELK server.
Other config i follow the tutortial which i've found on Eslatic.co :https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-installation.html
Don't know i have done wrong something.
Hey @Vi_Hung_Tr_n,
Could you try quoting the values where you are using variables, for example here:
winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: System
- name: Security
processors:
- script:
lang: javascript
id: security
file: '${path.home}/module/security/config/winlogbeat-security.js'
- name: Microsoft-Windows-Sysmon/Operational
processors:
- script:
lang: javascript
id: sysmon
file: '${path.home}/module/sysmon/config/winlogbeat-sysmon.js'
Dear Jaime, thanks , I've solved this problem by re-install the whole stack plus Winlogbeat
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.