How to set up Hyper-V with Winlogbeat

Hey,

I want to monitor Hyper-V events using Winlogbeat.
How do I do that? Can someone please help?

Thanks,
Tahseen.

Get a list of the Hyper-V event log channel names and then add them to your winlogbeat.yml file.

As mentioned in "Winlogbeat - How to determine correct channel names", try using `Get-WinEvent -ListLog * | Format-List -Property LogName | Select-String -Pattern "Hyper-V"`. Then, for each channel name, add an entry to the config file.
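As an added example (not part of the original reply), the PowerShell script below turns the lookup described above into a ready-to-paste `winlogbeat.event_logs` block. Keeping only enabled Administrative and Operational channels is an assumption made here, because analytic and debug channels cannot be subscribed to through the Windows Event Log API.

```powershell
# Added example, not code from the thread or from Elastic.
# Lists the Hyper-V event log channels on this host and prints a
# winlogbeat.event_logs stanza with one entry per channel.

# -ListLog accepts wildcards, so the Hyper-V filter is applied directly.
# SilentlyContinue suppresses the error raised when no channel matches.
$channels = Get-WinEvent -ListLog '*Hyper-V*' -ErrorAction SilentlyContinue |
    Where-Object {
        # Assumption: skip disabled channels and the Analytical/Debug types,
        # which a subscription-based collector cannot read.
        $_.IsEnabled -and ([string]$_.LogType -in 'Administrative', 'Operational')
    } |
    Sort-Object -Property LogName

if (-not $channels) {
    Write-Warning 'No enabled Hyper-V channels found. Is the Hyper-V role installed on this host?'
    return
}

# Build the YAML. Names are single-quoted so that any unusual character
# in a channel name cannot change how the line is parsed.
$yaml = @('winlogbeat.event_logs:')
foreach ($channel in $channels) {
    $yaml += "  - name: '{0}'" -f $channel.LogName
}

# Print the stanza; redirect to a file or paste it into winlogbeat.yml.
$yaml -join [Environment]::NewLine
```

Review the generated list before deploying it, since each channel added increases event volume shipped from the host.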

Yes, I did, and it worked.
I have configured it in the windows module using Metricbeat.

```yaml
- module: windows
  metricsets:
    - perfmon
  period: 1s
  perfmon.counters:
    - instance_label: processor.name
      instance_name: total
      measurement_label: processor.time.total.pct
      query: '\Processor Information(_Total)\% Processor Time'

    - instance_label: physical_disk.name
      measurement_label: physical_disk.write.per_sec
      query: '\PhysicalDisk(*)\Disk Writes/sec'

    - instance_label: physical_disk.name
      measurement_label: physical_disk.write.time.pct
      query: '\PhysicalDisk(*)\% Disk Write Time'
    ###### making changes below.
    - instance_label: logical_processor.name
      instance_name: hyper v
      measurement_label: logical_processor.time.total.pct
      query: '\Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time'

    - instance_label: logical_disk.usage
      instance_name: hyper v disk-write
      measurement_label: logical_disk.write.per_sec
      query: '\LogicalDisk(_Total)\Avg. Disk sec/Write'

    - instance_label: logical_disk.usage
      instance_name: hyper v disk-read
      measurement_label: logical_disk.read.per_sec
      query: '\LogicalDisk(_Total)\Avg. Disk sec/Read'

    - instance_label: Memory.usage
      instance_name: hyper v ram
      measurement_label: memory.write.time.pct
      query: '\Memory\Available MBytes'
```

Thanks
