Winlogbeat

I got an error when I delete winlogbeat for the first time ...

error is : Get-Process : Parameter cannot be processed because the parameter name 'e' is ambiguous. Possible matches include: -ErrorAction -ErrorVariable.
At line:1 char:3
+ PS <<<< C:\Program Files\WinLogbeat>.\winlogbeat.exe -c winlogbeat.yml -e -v -d "*"
    + CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameter,Microsoft.PowerShell.Commands.GetProcessCommand

any help!

What are you trying to accomplish? Uninstall Winlogbeat? What is the exact command you entered? What OS version is this? What Winlogbeat version are you running?

Hello sir

I'm just trying to send beat logs from win 7 to centos 7 ...
winlogbeat 5.6.2
yes I uninstall winlogbeat as service in my win7 machine

I run :

cd "C:\Program Files\Winlogbeat"

powershell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1

Start-Service winlogbeat

using powershell

winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h

# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
#  env: staging

#================================ Outputs

After starting the service what is in the winlogbeat log file? The log should be in C:\Program Files\Winlogbeat\logs\.

this is log file sir

I see this in your log.

2017-09-30T15:07:03+03:00 ERR Connecting error publishing events (retrying): Get http://localhost:9200: dial tcp [::1]:9200: connectex: No connection could be made because the target machine actively refused it.

Winlogbeat is unable to connect to Elasticsearch at http://localhost:9200. Probably some kind of firewall or security tool blocking the connection.
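Added example, not part of the original thread: a PowerShell check that pulls the output URL from the log line quoted above and reports whether a TCP connection to it is accepted, refused or times out. The function name `Test-OutputPort` and the host `elasticsearch.example.internal` (a placeholder for the CentOS 7 machine) are assumptions.

```powershell
# Added example: classify a TCP connection attempt to a Beats output endpoint.
# Uses only .NET classes available to Windows PowerShell on Windows 7.
function Test-OutputPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No answer at all: packets are being dropped on the way.
            return 'Timeout'
        }
        $client.EndConnect($async)
        return 'Open'
    }
    catch {
        # Method calls wrap the real error; unwrap to the SocketException.
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            # e.g. ConnectionRefused (10061, "actively refused") or HostNotFound
            return $base.SocketErrorCode.ToString()
        }
        throw
    }
    finally {
        $client.Close()
    }
}

# Log line copied from the thread above.
$logLine = '2017-09-30T15:07:03+03:00 ERR Connecting error publishing events (retrying): Get http://localhost:9200: dial tcp [::1]:9200: connectex: No connection could be made because the target machine actively refused it.'

$targets = @()
if ($logLine -match 'Get (https?://\S+?): dial') {
    $targets += [System.Uri]$Matches[1]      # endpoint Winlogbeat actually tried
}
# Placeholder (assumption): the Elasticsearch host the events should reach.
$targets += [System.Uri]'http://elasticsearch.example.internal:9200'

foreach ($uri in $targets) {
    $result = Test-OutputPort -HostName $uri.Host -Port $uri.Port
    '{0}:{1} -> {2}' -f $uri.Host, $uri.Port, $result
}
# Open              : something accepts connections on that port
# ConnectionRefused : the host answered, but nothing accepted the connection
# Timeout           : no reply; traffic is being dropped before it arrives
```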
