I'm testing the new Winlogbeat and I've been able to get events in my test ELK. I loaded the beats-dashboards-master using the load command from the readme and pieces succeeded with "created":true. I can see the dashboard, but all visualizations say "No Results found".
I just re-tested them to make sure they are working. I didn't find any issues.
In the Kibana Discover tab, do you see data in the winlogbeat-* index?
The dashboards are just looking for data in indices matching winlogbeat-*. Maybe try using a larger time window. In the upper right change to something like Last 30 Days.
That's the problem. I have to apologize, I'm very new to the whole ELK stack. All of the events are coming into the logstash-* index.
I'm using logstash and not sending the events straight to elasticsearch. Is it the config for logstash or winlogbeat I need to update? I found a commented entry for index under the winlogbeat config. I uncommented and restarted, but new events are still coming in the logstash-* index.
I figured it out, it was my logstash config for beats, I found a better example config and it worked. Thanks for your help!
Glad you got it working. There is also an example in the docs of how to use Beats with Logstash:
https://www.elastic.co/guide/en/beats/libbeat/current/logstash-installation.html#logstash-setup
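
The fix described in this thread, as an added example that is not taken from any poster's actual configuration: a Logstash pipeline that receives Beats events and writes them to an index named after the shipping Beat, so Winlogbeat events land in winlogbeat-* where the dashboards look for them. The port and Elasticsearch address are assumptions.

```conf
# Constructed example pipeline, e.g. saved as a file under Logstash's conf.d directory.

input {
  beats {
    # Assumption: Winlogbeat's Logstash output points at this port.
    port => 5044
  }
}

output {
  elasticsearch {
    # Assumption: Elasticsearch runs on the same host as Logstash.
    hosts => ["localhost:9200"]

    # Without an explicit index, the elasticsearch output writes to
    # logstash-%{+YYYY.MM.dd}, which is why the events showed up under
    # logstash-* and the winlogbeat-* dashboards had nothing to display.
    # [@metadata][beat] is filled in by the Beat that shipped the event,
    # so events from Winlogbeat go to winlogbeat-YYYY.MM.dd.
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

    # Keep Logstash from installing its own logstash-* index template;
    # the Beat's template is loaded into Elasticsearch separately.
    manage_template => false
  }
}
```

After restarting Logstash, new events should appear under winlogbeat-* in the Kibana Discover tab; events already indexed under logstash-* stay where they are.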