Hi,
I am setting up winlogbeat via sidecar. After applying the appropriate configuration (that works on other computers), I am getting this error at collectors administration page under winlogbeat.
" Failing"
If I hover on it, it says “Failed to install service, insufficient system resources exists to complete the requested service”
Looking at the endpoints sidecard logs i can see the following logs…
time="2020-04-21T08:00:09-04:00" level=info msg="Starting signal distributor"
time="2020-04-21T08:00:20-04:00" level=info msg="No configurations assigned to this instance. Skipping configuration request."
time="2020-04-21T08:01:10-04:00" level=info msg="Adding process runner for: winlogbeat"
time="2020-04-21T08:01:10-04:00" level=info msg="[winlogbeat] Configuration change detected, rewriting configuration file."
time="2020-04-21T08:01:20-04:00" level=error msg="[winlogbeat] Failed to install service: Insufficient system resources exist to complete the requested service."
time="2020-04-21T08:01:20-04:00" level=error msg="[winlogbeat] Failed to install service: [Insufficient system resources exist to complete the requested service.]"
time="2020-04-21T08:02:31-04:00" level=info msg="[winlogbeat] Got remote restart command"
time="2020-04-21T08:02:31-04:00" level=error msg="[winlogbeat] Failed to install service: Insufficient system resources exist to complete the requested service."
time="2020-04-21T08:02:31-04:00" level=error msg="[winlogbeat] Failed to install service: [Insufficient system resources exist to complete the requested service.]"
I cant seem to find the issue because the configuration is the same on the other endpoints that are working. I also restarted the graylog sidecar service but the issue still persists. Also confirmed that the endpoint has enough free disk space. The only difference that I could really find is that this is a pretty old box (Windows Server 2003 R2)