Loading remote configs

We are in the early stages of an installation of the ELK stack, and we are going to be using Winlogbeat as part of a SIEM platform that uses the ELK stack as the backbone.

We would very much like to not have to maintain 3,000+ various configuration files across servers and workstations. While I know that we can use SCCM to maintain the configuration files, several hundred to perhaps a thousand endpoints are not in constant communication with SCCM and thus wouldn't fit this model.

Has anyone had success with changing the path variable in the yml file to use an offsite or cloud-based file?


Hi Andrew, thanks for reaching out. While beats central management is still in beta, it sounds very similar to what you're looking for.


Let us know if you have questions.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.