Elastic Agent Doesn't Seem To Be Collecting Winlogbeat Data

Jared9922 · August 9, 2022, 4:56pm

I am working on getting elastic security setup. I am using a self-managed elastic stack. I have successfully added a fleet server and an elastic agent. The elastic agent is added to a Windows machine. The agent is sending data like it supposed to but there are some issues

It doesn't look like it is using Winlogbeat at all. I am trying to write some rules that are based off of some windows logs but it doesn't look like the elastic agent is collecting windows logs or winlogbeat data at all. Do I configure this somewhere? It seems to be getting filebeat and metricbeat stuff just fine

Any help with these issues is greatly appreciated.

Thanks,
Jared

system · September 6, 2022, 4:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic Agent - Windows logs + Tagging Beats elastic-stack-security , winlogbeat , elastic-agent	5	1297	September 29, 2020
Elastic Agent System integration not collecting Windows Event Log Beats docker , fleet	2	2829	January 13, 2023
Does the elastic agent contain winlogbeat? Elastic Security fleet	2	1735	September 17, 2021
Windows Elastic Agent System Integration not pulling Security or Application events Elastic Security elastic-stack-security , fleet , integrations	4	1030	March 23, 2022
What is Elastic agent? Elastic Agent	7	597	November 24, 2022

Elastic Agent Doesn't Seem To Be Collecting Winlogbeat Data

Related topics