DNS logs from Windows domain controller are not showing up in SecurityOnion

[ashishmgupta]

I installed the filebeat on a windows domain controller to ingest the DNS logs into security onion.
The DNS logs are being written in a local file .
Filebeat config has the path for that file and also the correct URL to the SO.
From the filebeat logs I can see the queries are being made should be sent to the SO.
But, I'm unable to find that in the SO. I see some other DNS queries under so.* but not the ones I am making.
Can somebody please let me know what am I missing?

filebeat_txt.txt
filebeat-20230528-23.txt

[cm-ops]

Looks like your Filebeat output is Elasticsearch, try using the Logstash output so the log can go through the Logstash pipeline to Elasticsearch.

[ashishmgupta]

Thank you @cm-ops
Do you mean to set this and comment out output.elasticsearch?

output.logstash:
  # The Logstash hosts
  hosts: ["192.168.44.150:5044"]

[cm-ops]

Yes, exactly. You may need to run so-allow on the manager and select b and input the server's IP to open the firewall for the logs as well.