Hi,
It seems that there is no config which will allow winlogbeat to collect everything available on a given host.
event.log: *
I want to deploy winlogbeat across my environment, but hosts have differing roles and therefore the available event logs and event channels differ from host to host.
I want a single configuration which I can deploy to all hosts, so this could be achieved by including absolutely all event logs/channels we know about in the environment in the config.
My question is: will winlogbeat thrash the CPU if it can't find a particular event log/channel on a host? Will it just constantly check to try to find the log?
Obviously, if that's the case, the solution won't work.
Thanks.