Hello,
I have windows servers that have access to logstash, but don't have direct access to Elasticsearch cluster nor kibana. How can I properly setup winlobeat to import dashboards/pipelines/indices/... ?
Other beats are not the problem, because they can be installed on linux server that have direct access to Elasticsearch, but I don't have such windows there.
Thank you.
You have to load everything manually.
_meta/kibana dir of Winlogbeat to a Linux machine, set setup.dashboards.directory to the path to the kibana directory and change, setup.template.pattern to winlogbeat-{beat.version} and setup.template.enabled: false then run ./{beatname} setup --dashboards This should work in theory, but you might have some issues.Hi Noémi,
thank you for your answer.
I understand I'll have to upload it by myself. Because of time pressure I set aside one windows server and gave it access to Elasticsearch and kibana. But still I want to have a manner how to do it without separate machine.
Regarding dashboards, I found directory c:\program files\winlogbeat\kibana and there seems to be all the dashboards, so I can download them and upload to elastic via API.
We don't use elastic pipelines, we have logstash to do the hard work, so this should'nt be issue for now.
But I see problem with manual installation of index templates, that have to be downloaded first from existing installation. Isn't there somewhere a simple guide how to create index template for winlogbeat? We already create our own index templates through API via ansible, I only need to know correct parameters for this index to be fully compatible. AFAIK is it enough to create template with ECS, or is there more to do?
ILM is also not the problem as it can be uploaded via API, but I noticed ILM for beats are not assigned to indices but to alias of indices, am I right?
Thank you.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.