I have old Windows event logs on the computer where I installed Winlogbeat. How do I get Winlogbeat to parse them instead of live Windows event logs?
You can set the name parameter to the absolute path of an .evtx file and it will read that in. You can use this to load in logs from a file that is "non-live". See the example in https://www.elastic.co/guide/en/beats/winlogbeat/7.2/faq.html#reading-from-evtx.
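
A configuration of the kind the answer describes, as an added example that is not part of the original reply. The .evtx path, the registry file name and the Elasticsearch host are constructed placeholders, and every setting other than name goes beyond what the answer mentions.

```yaml
# winlogbeat-evtx.yml (file name is an assumption)
# Run it separately from the live-log instance, for example:
#   .\winlogbeat.exe -e -c .\winlogbeat-evtx.yml

winlogbeat.event_logs:
    # Absolute path to the archived log instead of a channel name
    # such as "Security". Placeholder path; replace with your file.
  - name: 'C:\logs\archive\Security-old.evtx'
    # Stop reading when the end of the file is reached instead of
    # waiting for new events, which never arrive in an archived file.
    no_more_events: stop

# Give the output time to flush queued events before the process exits.
winlogbeat.shutdown_timeout: 30s

# Separate registry so read positions for the archive do not mix with
# the registry used by the live-log Winlogbeat service.
winlogbeat.registry_file: evtx-registry.yml

# Assumed local Elasticsearch; point this at your own output.
output.elasticsearch.hosts: ['http://localhost:9200']
```

Events keep their original timestamps, so widen the time range in Kibana to the period the archive covers when checking that the import worked.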