EventLog input/plugin only supports Application, System and Security.... why?!?!?


I've got a custom Windows Event log file, but when I specify this logfile name, logstash stash complains with the following error message... any knows why its restrictive to 3 known logfiles?

←[31mInvalid setting for eventlog input plugin:

input {
eventlog {
# This setting must be a ["Application", "Security", "System"]
# Expected one of ["Application", "Security", "System"], got ["Application
", "CustomLogfileName"]
logfile => ["Application", "CustomLogfileName"]
} {:level=>:error}←[0m
←[31mfetched an invalid config {:config=>"input {\n eventlog {\n type => "
Win32-EventLog"\n logfile => ["Application", "CustomLogfileName"]\n }\n}\n\nout
put {\n stdout { codec => rubydebug }\n}\n\n\n", :reason=>"Something is wrong
with your configuration.", :level=>:error}←[0m
The signal HUP is in use by the JVM and will not work correctly on this platform

Why not use winlogbeat instead? https://www.elastic.co/guide/en/beats/winlogbeat/current/index.html

Sure I don't mind... but I guess what I was trying to find out is why it doesn't allow other logfiles to be used as opposed to using winlogbeat. I've seen winlogbeat already, but was just wondering why logstash had that restrictions.

No idea sorry, PRs welcome though :slight_smile: