Hi,
I am trying to add custom fields and I don't see field added to the event. Winlogbeat logs show following logs
WARN EventLog[CustomLog] Open() error. No events will be read from this source. The specified channel could not be found. Check channel configuration.
Here is what I am using,
winlogbeat.event_logs:
- name: Application
level: error
- name: CustomLog
fields:
test_field: webserver
Can someone please say what the issue might be
It looks like CustomLog is not a valid event log. You can run Get-EventLog * in PowerShell to get a list of valid event logs. Have you read through Configuring Winlogbeat? It contains detailed information on this topic.
If your goal was to add fields to Application logs, you may want to simply try adding your fields declaration to the Application config block, like so:
winlogbeat.event_logs:
- name: Application
level: error
fields:
test_field: webserver
Thanks Andrew. Will try it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.