Kibana Issues

[Director-Fusion-zz]

Hi all. I am having an issue sending winlogbeats data to Kibana in SecOnion 2.3.2. I get this after issuing the commands in Windows Terminal. The Sec Onion server is a vm. I can access the Sec Onon SOC and view Kibana. When I access the SecOnion VM and run so-status everything is green and ok. I made sure I had the kibana output uncommented for the IP address and port in my .yml files. I ran so-allow for the Analyst option, elasticsearch and logstash. Did anyone have to do further configurations? Any pointers? This worked fine in SO 16.

PS C:\Users\Cory\Desktop\elk\winlogbeat-6.8.0-windows-x86_64> .\winlogbeat.exe setup
Loaded index template
Loading dashboards (Kibana must be running and reachable)
Exiting: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: fail to execute the HTTP GET request: Get http://localhost:5601/api/status: dial tcp 127.0.0.1:5601: connectex: No connection could be made because the target machine actively refused it.. Response: .

[greatapoc]

You need to be using the version in the Downloads section of your SO install. You’re using a very old version, it’s 7.9.3 now. Looks like yours is trying to send to localhost.

You should be outputting to logstash, not kibana or elasticsearch.