Handle winlogbeat type

[birdman4512]

Hi.

This may be my error. I have opened port 5044 on the server and configured two servers (one filebeats on a linux host, the other WinLogbeats on a Windows host)
Neither of these are showing up in the SOF-ELK instance.

Windows Host:
I have run a tcpdump on the SOF-ELK server to ensure that packets are getting to the host, I can see the traffic arriving. See example below:
06:05:20.934692 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6578449:6579909, ack 127, win 512, length 1460
06:05:20.934745 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6579909:6581369, ack 127, win 512, length 1460
06:05:20.934796 IP 192.168.20.26.lxi-evntsvc > 192.168.0.150.65190: Flags [.], ack 6581369, win 2073, length 0
06:05:20.934825 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6581369:6582829, ack 127, win 512, length 1460

However nothing shows up in the Dashboard
The FileBeats output configuration is (Windows Host)
output.logstash:
hosts: ["192.168.20.26:5044"]

Any tips on what might be going wrong?

[philhagen]

I suspect this may be that the "type" being shipped is not handled. SOF-ELK is not presently handling winlogbeat records, either, so those would be dropped without any processing... I have a few types that are in the queue to handle now... However, I'll rename this issue to be a feature request to handle winlogbeat and try to get that handled.