Logstash Input Eventlog

Hi everyone,

I am having trouble with Input Eventlog with Logstash 2.3.4 on Windows 2008 R2. My configuration:

input {
  eventlog {
    type => "test"
    logfile => "Test Application Log"
  }
}

I am trying to obtain the Test Application Log under Applications and Services Logs. I type the logfile name literally as it appears in Event Viewer. However, I receive this error:

"Invalid setting for eventlog input plugin:\n\n input {\n eventlog {\n # This setting must be a ["Application", "Security", "System"]\n # Expected one of ["Application", "Security", "System"], got ["Test Application Log"]\n logfile => ["Test Application Log"]\n ...\n }\n }", :level=>:error}

Thanks in advance,


Any reason you are not using Winlogbeat, which according to the support matrix is supported on that platform?

Hi Christian,

I know about Winlogbeat; however, I prefer to use Input Eventlog.

Is there any problem with Eventlog? How should I use it?

Thanks in advance

I do not run Windows, so have no personal preference or experience. The event log plugin is a community supported plugin while Winlogbeat is a core Elastic component under active development. Based on this I would suspect that you might be able to get more support on Winlogbeat than the event log plugin.



I have seen an issue on GitHub that is about this problem: Issue.

Regarding Winlogbeat, I would like to have the option "congestion_threshold" in order to have good control over Redis.


That sounds like a useful feature request. Please feel free to open an enhancement request against the libbeat GitHub repository, as this is the component that handles the integration with Redis.
