winlogbeat missing gl2_source_collector value

[jamier9]

Problem description

No messages returned when clicking the 'show messages' button in the collectors page for the relevant client. Messages are being received from the collector but are missing the gl2_source_collector id value, hence missing in the show messages search. The issue only affects the windows collectors. Other gl2_ fields are being populated.

Steps to reproduce the problem

Install of collector sidecar 0.0.9 x64 on windows 2008 r2 hosts, configure for relevant graylog address/input then see if messages are shown from the collectors page show messages button.

Environment

• Sidecar Version: 0.0.9 x64
• Graylog Version: 2.1.1
• Operating System: Centos 6.8 server, windows 2008 r2 client (beats)
• Elasticsearch Version: 2.3.3
• MongoDB Version: 3.2.3

[mariussturm]

This is currently not possible with Winlogbeat. It will be added in the upcoming 5.0 version though: elastic/beats#1092

[bernd]

Will be fixed in the upcoming release of the collector sidecar. Thanks for your report!