Elastic Agent - Windows logs + Tagging

Hi, does anyone know if the Elastic Agent/Ingest Manager will be getting a Winlogbeat integration module?

Currently we are deploying Auditbeat/Filebeat/Metricbeat/Winlogbeat + Sysmon in a MSI bundle, as well as a separate Endgame sensor.
We'd love to only deploy the Elastic Agent but it only appears to have Filebeat/Metricbeat modules + Elastic Security.

On a side note, does anyone know of a way to add a field/tag to Elastic Agent logs?
We perform document level security for multiple departments based on a field called 'environment' and it would be handy to maintain this granularity.

We plan to add support for winlogbeat to Elastic Agent in the future. I wanted to give you an issue to track it on your end but seems we don't have one yet. Interested to open one on Github? https://github.com/elastic/beats/issues

To add fields, you should be able to use the add_field processor inside each input: https://www.elastic.co/guide/en/beats/filebeat/current/add-fields.html Let me know if this works.

Thanks for the reply ruflin. I'll raise an issue in GitHub tomorrow.

RE adding fields, we are already doing this in *Beat, but I wanted to know if it's achievable in Elastic Agent Fleet managed.

https://github.com/elastic/beats/issues/20886 raised

Thanks for the issue.

Unfortunately at the moment, we only support the processor part in standalone and not yet through Fleet. But we plan to add support for processors / your own additional configs in the near future.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.