Missing event_data fields in Winlogbeat 1.x

Hello,

Winlogbeat 1.3 is installed and successfully sends event logs directly to Elastic on port 9200. The index is created in Kibana and I can see the fields related to Winlogbeat, except all the "event_data fields.*"!

Those fields are not present in Winlogbeat 1.x. That data/feature was added in Winlogbeat 5.x.

Is Winlogbeat 5.x compatible with Elasticsearch 2.3.x?
If yes, can I upgrade from Winlogbeat 1.3 to 5.x?

Yes, we include an index template that is compatible with ES 2.x.

There are some minor changes in the configuration files. I recommend you see the upgrade guide. There will be some minor config file changes and you will need to install an updated index template.

https://www.elastic.co/guide/en/beats/libbeat/5.0/_upgrading_from_1_x_to_5_x.html

Thanks again for your great support,

Just to let you know that it's working now.
