Logstash Windows Event Logging


(Usman) #1

The EventLog plugin is not ingesting previous logs (log events that were registered before running Logstash). I am running it from the command line and it is ingesting the new events.


(Mark Walkom) #2

You haven't given us much information. Is this a problem for you? Do you want some help?

If you want help, what version are you on? What Windows version? What does your config look like?


(Usman) #3

Hi Mark, yes, I am facing this problem. I want to ingest all the events from the beginning, but it only ingests new Windows events. I am using Logstash 2.0 with Elasticsearch 2.0.

My config is:
input {
  eventlog {
    type => 'Win32-EventLog'
    logfile => 'Security'
  }
}
output {
  elasticsearch {
    hosts => localhost
    index => 'windows_security'
  }
  stdout { codec => rubydebug }
}

