Winlogbeat Windows config to see logs on Kibana Dashboard

Elastic Stack Beats
1

Hello everyone,i need help in Winlogbeat config to see logs on Kibana Dashboard.

I have install a ELK server on a ubuntu 18.04 virtualisation and it's work ! no problem here.
I need add logs of a Virtual Windows Server into the Kibana Dashboard. To do this i install Winlogbeat and only Winlogbeat on my Virtual WindowsServer (does I need install logstach too ? or Elasticsearchmaybe ?)
My ELK server as the ip address 192.168.43.24
and my Windows Server as ip address : 192.168.43.89 (ping on ELK server ok)

This is my winlogbeat.yml uncomment :

Winlobeatconfig
Winlobeatconfig.png1074×591 27.4 KB

On Powershell when i run "net start winlogbeat" the service start corectly.
I try ".\winlogbeat.exe setup --dashboards"

commande%20dashboard
commande dashboard.png1908×60 7.76 KB

Does i need change something in Logstash config file ? actually logstash listen on 5044.
Please be indulgent I am a trainee lol
Thank you.

2

Hi @Luuckyx
Have you configured correctly an input and output in your logstash?
In that case, can you share both?

1 Like
3

Hi @dgonzalezp, thank you for your help,

I dont have make modification into my input or output config's files when i decide to add a windows server.

beat%20confff
beat confff.png1109×498 2.19 KB

outputconf
outputconf.png1147×409 2.01 KB

4

Hi again @Luuckyx sorry about the delay.

Logstash looks good.
Can you see any index created in Kibana like in the following screenshot?

image
image.png1690×661 69.6 KB

5

Hello @dgonzalezp, thank you again spending time
Nothing like that in my Kibana dashboard, you think its cause of HyperV Virtualisation ? Possible ? (Im not sure cause i can ping on my ELK server with the windows server and conversly)

Kibana
Kibana.png1863×641 66.9 KB

6

Ok Im back, sorry I had to create a new VM with Winlogbeat (I deleted my old one) anyway.
Try adding the following lines to your winlogbeat.yml file:

output.elasticsearch:
hosts: ["yourelasticIP:9200"]

If this dont work, try avoid logstash commenting the output in your your winlogbeat.yml file.

1 Like
7

And if that keep not working, please share your elasticsearch.yml

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.