My winlogbeat is on windows server and ELK is on Ubuntu server. After upgrading to 7.1.1 and enabling X-pack , winlogbeat is unable to connect to ES and giving me error: connectex: No connection could be made because the target machine actively refused it
I also tried connecting to logstash and configuring winlogbeat.conf
When you set host => 127.0.0.1 in your Logstash configuration you are limiting incoming Beat connections to Beats running on the localhost. If you are expecting connections from outside machines then do not set the host option for the beats input in Logstash.
A similar settings exists in Elasticsearch. It's called network.host. If you're expecting connections from hosts on different machines then you need to set this option. Networking | Elasticsearch Guide [8.11] | Elastic
if you have enable security then you need user and password in your output section. this is what I am using.
did you setup all required internal user using following, then you need user/password
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.