hi @zen.xen, there are multiple configuration options here, I strongly suggest having a look at https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-configuration.html and https://www.elastic.co/guide/en/beats/winlogbeat/current/elasticsearch-output.html on the configuration steps and the basic winlogbeat.yml sample.
For example, in the winlogbeat.event_logs section, you will have to specify the event logs you want to monitor. It seems that at least one event log must be configured as part of event_logs. Example below:
winlogbeat.event_logs:
- name: Application
- name: Security
- name: System
You might want to add some logging configuration as well, or if elasticsearch is secured, username and password should be added, etc.
If you encounter any issues while configuring winlogbeat, please provide us with the content of the winlogbeat.yml file and the exception/stack trace.