Hi,
I am shipping auditing logs from Windows machines, I am already using a different index for auditing logs which is different than Windows Domain Controller logs. Can I tag the logs using Winlogbeats?
Yes it is possible.
In this section of the winlogbeat you can specify the tag that all the logs from that beat will have
[CODE]
shipper:
tags: Name_of_the_tag
fields:
[/CODE]
In version 5 you can also apply tags and fields in the event_logs config. See https://www.elastic.co/guide/en/beats/winlogbeat/master/configuration-winlogbeat-options.html#_event_logs_tags
winlogbeat:
event_logs:
- name: CustomLog
tags: ["web"]
winlogbeat:
event_logs:
- name: CustomLog
fields:
customer_id: 51415432