I'm installing Winlogbeat on a Windows Server 2016 DC. When I run winlogbeat test config, it gave both an error and Config OK. Is it OK or an error, then?
winlogbeat.yml file as below:
    winlogbeat.event_logs:
      - name: Application
        ignore_older: 24h
      - name: Security
        ignore_older: 24h
      - name: System
        ignore_older: 24h
    output.elasticsearch:
      hosts:
        - localhost:9200
    setup.kibana:
      host: "localhost:5601"
    logging.to_files: true
    logging.files:
      path: C:/ProgramData/winlogbeat/Logs
    logging.level: info
Command and output as below:
PS C:\Program Files\winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e
.\winlogbeat.exe : 2018-05-07T17:40:40.108Z INFO instance/beat.go:468 Home path: [C:\Program Files\winlogbeat] Config path: [C:\Program Files\winlogbeat] Data path:
[C:\Program Files\winlogbeat\data] Logs path: [C:\Program Files\winlogbeat\logs]
At line:1 char:1
.\winlogbeat.exe test config -c .\winlogbeat.yml -e
2018-05-07T17:40:40.145Z INFO instance/beat.go:475 Beat UUID: 10395ff9-94ac-4391-b0d4-445cfdbaf898
2018-05-07T17:40:40.145Z INFO instance/beat.go:213 Setup Beat: winlogbeat; Version: 6.2.4
2018-05-07T17:40:40.146Z INFO elasticsearch/client.go:145 Elasticsearch url: http://localhost:9200
2018-05-07T17:40:40.146Z INFO pipeline/module.go:76 Beat name: AZCWVTST1514
2018-05-07T17:40:40.146Z INFO beater/winlogbeat.go:56 State will be read from and persisted to C:\Program Files\winlogbeat\data.winlogbeat.yml
Config OK
is just PowerShell complaining that winlogbeat is printing messages to standard error output (stderr). This is caused by the -e flag in winlogbeat.
You can run winlogbeat without the -e flag so it prints its log to winlogbeat.log or just ignore this error. It has nothing to do with the configuration.
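The behaviour described in the answer above, as an added example that is not part of the original thread: a PowerShell wrapper that judges the config test by the process exit code instead of by PowerShell's red stderr rendering. The function name `Test-WinlogbeatConfig` is hypothetical, the install path is the one shown in the question, and it assumes winlogbeat exits with code 0 when the configuration is valid and non-zero otherwise.

```powershell
# Added example (not from the thread). Assumes exit code 0 = valid config.
function Test-WinlogbeatConfig {
    param(
        [string]$BeatHome   = 'C:\Program Files\winlogbeat',  # path from the question
        [string]$ConfigFile = 'winlogbeat.yml'
    )

    $exe = Join-Path $BeatHome 'winlogbeat.exe'
    $cfg = Join-Path $BeatHome $ConfigFile

    # In Windows PowerShell 5.1, redirected stderr from a native command is
    # wrapped in ErrorRecord objects. With 'Stop' in effect that would abort
    # the call, so force 'Continue' for the duration of the run.
    $previous = $ErrorActionPreference
    $ErrorActionPreference = 'Continue'
    try {
        # -e sends the beat's log lines to stderr; 2>&1 captures them.
        $raw  = & $exe test config -c $cfg -e 2>&1
        $code = $LASTEXITCODE
    }
    finally {
        $ErrorActionPreference = $previous
    }

    # Turn the ErrorRecord wrappers back into the plain log text.
    $lines = foreach ($item in $raw) {
        if ($item -is [System.Management.Automation.ErrorRecord]) {
            $item.Exception.Message
        }
        else {
            "$item"
        }
    }

    [pscustomobject]@{
        ConfigOk   = ($code -eq 0)
        ExitCode   = $code
        # Real problems carry the ERROR level in the second field of the
        # log line, where the output in the question shows INFO.
        ErrorLines = @($lines | Where-Object { $_ -cmatch '^\S+\s+ERROR\s' })
        Log        = @($lines)
    }
}

Test-WinlogbeatConfig | Format-List ConfigOk, ExitCode, ErrorLines
```

For the run shown in the question, every stderr line is at INFO level, so `ErrorLines` would be empty even though PowerShell displayed the output as an error.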