Difference between enable Module and fetching logs directly

stephenb · June 7, 2021, 3:14am

I pretty much explain exactly how do do this here

This means using logstash as an aggregation point ... I also discussed that in this thread

Example Architecture
Many Filebeat(s) -> Logstash -> Elasticsearch or Elastic Cloud

Just substitute winlogbeat with filebeat in the steps.

Also here is the reference in the docs

Topic		Replies	Views
IIS module fields Beats filebeat	3	351	February 5, 2019
Configuration problem Beats filebeat	2	299	August 7, 2018
How to use IIS Module with Logstash? Beats filebeat	8	5444	December 28, 2018
IIS Module - not groking Beats	4	1578	November 16, 2018
Custom ingest alongside with IIS module Beats filebeat	5	631	June 12, 2020