I'm extremely new to all of this. I have about 25 Windows event logs forwarding to an ELK stash server and I very much like the results.
Going forward, i wonder if there is a way to monitor the winlogbeat service using the ELK stash itself? Can someone think of a query or other way I could verify that this list of 25 servers has 'reported' in to the elk stash server sometime in the last X hours? No windows system would go 3 or 4 hours without SOME type of log. Just interested in thoughts. Thanks.