Can I tag the events using Winlogbeat?

thyfere · April 7, 2016, 7:45am

Hi,

I am shipping auditing logs from Windows machines, I am already using a different index for auditing logs which is different than Windows Domain Controller logs. Can I tag the logs using Winlogbeats?

mourlos · April 7, 2016, 12:31pm

Yes it is possible.
In this section of the winlogbeat you can specify the tag that all the logs from that beat will have

[CODE]
shipper:
tags: Name_of_the_tag
fields:

[/CODE]

andrewkroh · April 7, 2016, 3:47pm

In version 5 you can also apply tags and fields in the event_logs config. See https://www.elastic.co/guide/en/beats/winlogbeat/master/configuration-winlogbeat-options.html#_event_logs_tags

winlogbeat:
  event_logs:
    - name: CustomLog
      tags: ["web"]

winlogbeat:
  event_logs:
    - name: CustomLog
      fields:
        customer_id: 51415432

Topic		Replies	Views
Elastic Agent Custom Windows Event Logs Beats winlogbeat	5	3144	June 15, 2022
Filtering Winlogbeat on Event ID Beats winlogbeat	8	10032	July 5, 2017
No logs being sent by Winlogbeat Beats winlogbeat	0	150	April 22, 2024
Using Channel Names in Winlogbeat Config Beats winlogbeat	5	2049	April 12, 2016
Unable to ship logs using Winlogbeat due to poor Windows API Performance Beats winlogbeat	1	198	February 7, 2024

Can I tag the events using Winlogbeat?

Related Topics