
Problem in Windows event log ingestion


Hi @Stefan Kupstaitis-Dunkler

I installed Winlogbeat on a Windows workstation with the config below:

output.logstash:
  hosts: ["nifi.node.srv:5098"]

and I use these NiFi processors to stream events to Metron:

97554-nifi1.png

ListenBeats config:

97555-nifi2.png

PublishKafka config:

97556-nifi3.png

NiFi data provenance in the PublishKafka processor:

97557-nifi4.png

and I created a sensor in the Management UI with the logstash parser and the winlogtop topic (Kafka):

96657-metron-sensor.png

Events are transferred fast to the ListenBeats processor, but transfer from the queue to PublishKafka is very, very slow or zero, and the output of PublishKafka is zero.

Is the NiFi data provenance log normal?

Now I can't see any log data in the alert UI or Kibana. What's the problem?

Thanks