I have 300mb evtx file and I want to send this file to logstash (which is on another machine) using Filebeat. How can I do this ?
NOTE:
I am using winlogbeat to send windows logs to logstash and it's working fine. but I got these evtx logs from somewhere else so how can I send them to logstash
Hi @Coder_HK!
Filebeat ships (text) files so I don't think you can use it directly in this case. However it seems that there are some possible solutions out there.
See:
Thanks!
The FAQ for Winlogbeat has an example of how to read an EVTX file. https://www.elastic.co/guide/en/beats/winlogbeat/current/reading-from-evtx.html
You can use Winlogbeat to read the .evtx file (on a Windows host) and then send it to Logstash (the example shows elasticsearch, but you can change the output).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.