Hello there,
I am new to winlogbeat and elastic stack. I have installed winlogbeat 7.11.0 to monitor windows event logs of a proprietary application (eXX). The windows event log contains entries from 10th March upto 26th March 20201. My winlogbeat.yml is given below. I don't see any windows event logs going to logstash 7.11.0. Can someone help me getting it right? Does winlogbeat ignore events already present in the windows event log?
winlogbeat.event_logs:
- name: eXX
event_id: 1, 2, 3
setup.ilm.enabled: false
setup.ilm.check_exists: false
output.logstash:
hosts: ["localhost:5044"]