Hello,
recently I have installed in my lab cluster ELK 7. Now I'd like to send events from Windows to ELK. How properly should I configure winlogbeat?
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["10.0.0.1:9200","10.0.0.2:9200"]
Is it proper configuration?
hi @zen.xen, there are multiple configuration options here, I strongly suggest having a look at https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-configuration.html and https://www.elastic.co/guide/en/beats/winlogbeat/current/elasticsearch-output.html on the configuration steps and the basic winlogbeat.yml sample.
For example, in the winlogbeat.event_logs section, you will have to specify the event logs you want to monitor. It seems that at least one event log must be configured as part of event_logs. Example below:
winlogbeat.event_logs:
- name: Application
- name: Security
- name: System
You might want to add some logging configuration as well, or if elasticsearch is secured, username and password should be added, etc.
If you encounter any issues while configuring winlogbeat, please provide us with the content of the winlogbeat.yml file and the exception/stack trace.
Hi,
I configured options in winlogbeat, it works, but like I mentioned in my previous post, I have 2-node cluster, node-01: 10.0.0.1 and node-02: 10.0.0.2, the section output looks like this:
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["10.0.0.1:9200","10.0.0.2:9200"]
is it correct?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.