Is it possible for one Windows server running Winlogbeat to forward its Windows event logs to another Windows server running Winlogbeat that can then forward/relay them to Elastic? I'd prefer not to go through the complexity of setting up a WEF Collector and NXLog and just use Winlogbeat if possible, but I haven't found any documentation on whether it's possible.
The normal pattern for this would be:
Sources > Winlogbeat (many) > Logstash > Elasticsearch
Where Logstash acts as the collect and forward component. This is a very common architectural pattern with the Elastic Stack.
Winlogbeat is not really designed to be a collect and forward component.
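An added example, not part of the thread: a `winlogbeat.yml` sketch for each source server in the pattern the answer describes, shipping to a central Logstash over TLS. The hostname, port, and certificate path are placeholder assumptions, and the Logstash pipeline in the comments is a minimal assumed counterpart.

```yaml
# winlogbeat.yml on every source Windows server (added example).
# Hostname, port and file path below are placeholders, not values from the thread.

winlogbeat.event_logs:
  - name: Security
  - name: System
  - name: Application

# Beats allow only one enabled output, so the Elasticsearch output stays
# commented out when shipping to Logstash.
# output.elasticsearch:
#   hosts: ["https://elasticsearch.example.internal:9200"]

output.logstash:
  # Central collector; every Winlogbeat instance points at the same Logstash.
  hosts: ["logstash.example.internal:5044"]
  # Verify the collector's certificate so event logs are neither sent in
  # clear text nor delivered to an impostor host.
  ssl.certificate_authorities: ["C:/ProgramData/winlogbeat/ca.crt"]

# Logstash side (separate pipeline file in Logstash's own syntax, shown here
# as comments; TLS settings for the beats input are omitted and must match):
#
#   input  { beats { port => 5044 } }
#   output { elasticsearch { hosts => ["https://elasticsearch.example.internal:9200"] } }
```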