Winlogbeat not working

Hey Guys,

Elasticsearch + Kibana are on the same server - CentOS7. I can reach my server without issue and curl ports.

From a Windows 10 test machine, Winlogbeat is installed correctly according to the doc. I copied the conf over to my machine and changed localhost to my IP address. When I do: Start-Process winlogbeat, I see a CMD open and nothing changes. I can't see my machine on my Dashboard. When I tested the config file, everything was OK: ".\winlogbeat.exe test config -c .\winlogbeat.yml -e". I have no clue what could be wrong.

Config file

winlogbeat.event_logs:
  - name: Application
  - name: Security
  - name: System

output.elasticsearch:
  hosts:
    - "192.168.131.128:9200"

setup.kibana:
  host: "192.168.131.128:5601"

logging.to_files: true
logging.files:
  path: C:\ProgramData\winlogbeat\Logs
logging.level: info

Hello @NewmazN24,

I had the same problems, so I added an Elasticsearch node next to it (in Windows), and connected the Elasticsearch node to the cluster (it was the only Windows node).

NB: I connected all the Beats in Windows to the Elasticsearch in Windows.

Mehdi.

I would do it if it wasn't for the license requirements regarding Windows. Nonetheless, thanks for your point, I haven't thought about it!

You can add a coordinating node in your Windows.
NB: either Gold or Platinum will only count Elasticsearch data, master and ML nodes.

Thanks for your answer. I don't have that time anymore with ELK. I will mark this subject as solved.
