Problem in Windows event log ingestion

Hi @Stefan Kupstaitis-Dunkler

I installed Winlogbeat on a Windows workstation with the config below:

output.logstash:
  hosts: ["nifi.node.srv:5098"]

and I use these NiFi processors to stream events to Metron:

97554-nifi1.png

ListenBeats config:

97555-nifi2.png

PublishKafka config:

97556-nifi3.png

NiFi data provenance in the PublishKafka processor:

97557-nifi4.png

and I created a sensor in the Management UI with the logstash parser and the winlogtop topic (Kafka):

96657-metron-sensor.png

Events are transferred quickly to the ListenBeats processor, but the transfer from the queue to PublishKafka is very, very slow or zero, and the output of PublishKafka is zero.

Is the NiFi data provenance log normal?

Now I can't see any log data in the alert UI or Kibana. What's the problem?

Thanks
