You need to log in to create posts and topics.

Installing Metricbeat for Windows

This will show you how to connect Metricbeat to Windows system logs and ship them directly to the Vizion.ai platform.

 

1. Download the Metricbeat 6.5.4 64 bit for Windows.

https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-oss-6.5.4-windows-x86_64.zip

 

2. Extract the contents of the zip file into C:\Program Files.

 

3. Rename the metricbeat-6.5.4-windows directory in C:\Program Files to Metricbeat.

 

4. Open a PowerShell prompt as administrator and cd into C:\Program Files.

Tip: Right-click on the PowerShell icon and select Run as Administrator.

 

5. Next, set the execution policy to be able to run the execution script. Cd into the Metricbeat folder and run the following script:

          PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-metricbeat.ps1

 

6. Configure the metricbeat.yml  file with the correct Vizion.ai credentials.

Tip: The easiest way to do this is to open the file up in a code editor such as Visual Studio Code.

Modules Configuration

#========================== Modules configuration ============================
metricbeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: true
# Period on which files under path should be checked for changes
#reload.period: 10s
Kibana
#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://%5B2001:db8::1]:5601
#host: "localhost:5601"
username: "<username>"
password: "<password>"
Elasticsearch
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["<Elasticsearch API Endpoint>"]
# Optional protocol and basic auth credentials.
protocol: "https"
username: "<username>"
password: "<password>"

 

 

7. Test the metricbeat.yml configuration. In PowerShell, run the following script in the Metricbeat folder:

.\metricbeat.exe -e -configtest

Tip: The Metricbeat configuration will display in the terminal without any ERROR messages if everything is entered correctly.

 

8.  Run the program in the foreground to make sure everything is setup:

            .\metricbeat.exe -c metricbeat.yml -e -d "*"

This will run Filebeat in the terminal and will continually display any logs being added in real-time. Use CTRL-C to terminate the foreground process.

 

9. Once the config has been tested and runs without any ERROR messages, install Metricbeat as a service:

            .\install-service-metricbeat.ps1

 

10. Test that Metricbeat has been installed as a service:

             service metricbeat

Tip: If installed correctly, the terminal will display the Status, Name, and DisplayName.

 

11. Start the Metricbeat service as a background process: 

              start-service metricbeat

Logs should already start appearing in the Vizion.ai Discover tab within seconds.

 

12.  In the Discover tab of the Vizion.ai Kibana dashboard, create an index to display the logs.

Inputting metricbeat-* should match the incoming metricbeat logs from Windows. Click "next" to continue setting up the index with the desired configuration. Upon completion, the metricbeat logs from Windows should start displaying in real-time as they are created.

Tip: The Refresh Interval may need to be modified to a shorter time span to see incoming the logs appear.