I have 300mb evtx file and I want to send this file to logstash (which is on another machine) using Filebeat. How can I do this ?
NOTE:
I am using winlogbeat to send windows logs to logstash and it's working fine. but I got these evtx logs from somewhere else so how can I send them to logstash
Hi @Coder_HK!
Filebeat ships (text) files so I don't think you can use it directly in this case. However it seems that there are some possible solutions out there.
See:
Thanks!
The FAQ for Winlogbeat has an example of how to read an EVTX file. https://www.elastic.co/guide/en/beats/winlogbeat/current/reading-from-evtx.html
You can use Winlogbeat to read the .evtx file (on a Windows host) and then send it to Logstash (the example shows elasticsearch, but you can change the output).
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.