Can I tag the events using Winlogbeat?

thyfere · April 7, 2016, 7:45am

Hi,

I am shipping auditing logs from Windows machines, I am already using a different index for auditing logs which is different than Windows Domain Controller logs. Can I tag the logs using Winlogbeats?

mourlos · April 7, 2016, 12:31pm

Yes it is possible.
In this section of the winlogbeat you can specify the tag that all the logs from that beat will have

[CODE]
shipper:
tags: Name_of_the_tag
fields:

[/CODE]

andrewkroh · April 7, 2016, 3:47pm

In version 5 you can also apply tags and fields in the event_logs config. See https://www.elastic.co/guide/en/beats/winlogbeat/master/configuration-winlogbeat-options.html#_event_logs_tags

winlogbeat:
  event_logs:
    - name: CustomLog
      tags: ["web"]

winlogbeat:
  event_logs:
    - name: CustomLog
      fields:
        customer_id: 51415432

Topic		Replies	Views
Can I filter the logs using event IDs? Beats winlogbeat	3	4558	April 12, 2016
WinlogBeat shipping custom event log to ES, Parsing woes Beats winlogbeat	1	298	December 18, 2020
Winlogbeat not capturing specific event id's in windows server 2012 Beats winlogbeat	3	930	July 3, 2018
Winlogbeat : Microsoft-Windows-PrintService/Operational Beats winlogbeat	9	3081	June 8, 2017
Elastic Agent Custom Windows Event Logs Beats winlogbeat	5	3206	June 15, 2022

Can I tag the events using Winlogbeat?

Related topics