Logstash Input Eventlog

(Rodrigo Porto) #1

Hi everyone,

I am having trouble with Input Eventlog with Logstash 2.3.4 on Windows 2008 R2. My configuration:

input {
  eventlog {
    type => "test"
    logfile => "Test Application Log"
  }
}

I am trying to obtain the Test Application Log under Applications and Services Logs. I type the logfile name literally as it appears in Event Viewer. However, I receive this error:

"Invalid setting for eventlog input plugin:\n\n input {\n eventlog {\n # This setting must be a ["Application", "Security", "System"]\n # Expected one of ["Application", "Security", "System"], got ["Test Application Log"]\n logfile => ["Test Application Log"]\n ...\n }\n }", :level=>:error}

Thanks in advance,


(Christian Dahlqvist) #2

Any reason you are not using Winlogbeat, which according to the support matrix is supported on that platform?

(Rodrigo Porto) #3

Hi Christian,

I know about Winlogbeat; however, I prefer to use Input Eventlog.

Is there any problem with Eventlog? How should I use it?

Thanks in advance

(Christian Dahlqvist) #4

I do not run Windows, so have no personal preference or experience. The event log plugin is a community supported plugin while Winlogbeat is a core Elastic component under active development. Based on this I would suspect that you might be able to get more support on Winlogbeat than the event log plugin.

(Rodrigo Porto) #5


I have seen an issue on GitHub that is about this problem: Issue.

Regarding Winlogbeat, I would like to have the option "congestion_threshold" in order to have good control over Redis.


(Christian Dahlqvist) #6

That sounds like a useful feature request. Please feel free to open an enhancement request against the libbeat GitHub repository, as this is the component that handles the integration with Redis.
