Difference between enable Module and fetching logs directly

stephenb · June 7, 2021, 3:14am

I pretty much explain exactly how do do this here

This means using logstash as an aggregation point ... I also discussed that in this thread

Example Architecture
Many Filebeat(s) -> Logstash -> Elasticsearch or Elastic Cloud

Just substitute winlogbeat with filebeat in the steps.

Also here is the reference in the docs

Topic		Replies	Views
Parsing IIS Logs Beats filebeat	1	196	October 18, 2022
IIS Log message field doesn't always get parsed Beats filebeat	12	2642	September 5, 2018
Howto ingest from application logs and modules? Beats beats-module , filebeat	2	341	June 8, 2021
Filebeat-6.7.0 on windows IIS module Beats filebeat	1	406	May 2, 2019
Edit IIS Module Pipeline Beats filebeat	5	935	August 30, 2021