Elastic Agent Doesn't Seem To Be Collecting Winlogbeat Data

I am working on getting elastic security setup. I am using a self-managed elastic stack. I have successfully added a fleet server and an elastic agent. The elastic agent is added to a Windows machine. The agent is sending data like it supposed to but there are some issues

It doesn't look like it is using Winlogbeat at all. I am trying to write some rules that are based off of some windows logs but it doesn't look like the elastic agent is collecting windows logs or winlogbeat data at all. Do I configure this somewhere? It seems to be getting filebeat and metricbeat stuff just fine

Any help with these issues is greatly appreciated.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.