We are in the early stages of an installation of the ELK stack, and we are going to be using Winlogbeat as part of a SIEM platform that uses the ELK stack as the backbone.
We would very much like to not have to maintain 3,000+ various configuration files across servers and workstations. While I know that we can use SCCM to maintain the configuration files, several hundred to perhaps a thousand endpoints are not in constant communication with SCCM and thus wouldn't fit this model.
Has anyone had success with changing the path variable in the yml file to use an offsite or cloud-based file?
Cheers!