Now that I have deployed winlogbeat to collect events from my event viewers, how can I go on about collecting events from my development environment?
Would it work something like this:
Instead of installing winlogbeat locally, I would have to delete that and install winlogbeat on my dev environment? or can I install winlogbeat on my dev environment while keeping it on my host? wouldnt create repeated logs?
could someone shed some light onto this?
Hi @Marcos_Felix,
You can send events from many locations. Everything coming from beats include some extra metadata you can use to filter it later on in Elasticsearch, for instance. you can use the beat.hostname field to differenciate production from dev.
I was thinking of installing winlogbeat in each of those environments, would that work or is that a bad way of doing it?
That would work
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.