Parsing non-live windows event logs into winlogbeat

I have old Windows event logs on the computer where I installed winlogbeat. How do I get winlogbeat to parse them instead of the live Windows event logs?

You can set the name parameter to the absolute path of an .evtx file and it will read that in. You can use this to load in logs from a file that is "non-live". See the example in https://www.elastic.co/guide/en/beats/winlogbeat/7.2/faq.html#reading-from-evtx.
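A minimal configuration for the approach described above, added here as an illustration and not taken from the original thread or from the Winlogbeat documentation; the .evtx path, the registry file name and the Elasticsearch host are placeholders I chose:

```yaml
# winlogbeat-evtx.yml (added example, not from the original post)
# Read an archived .evtx file instead of a live channel.
winlogbeat.event_logs:
  # Absolute path to the saved log. This path is a placeholder.
  - name: C:\backup\Security-archive.evtx
    # A saved file never receives new events, so stop once it is read
    # instead of waiting for more.
    no_more_events: stop

# Give the publisher time to flush queued events before the beat exits.
winlogbeat.shutdown_timeout: 30s

# Keep bookmarks for this one-off import in their own registry file so
# they do not interfere with the state kept for live channels.
winlogbeat.registry_file: evtx-registry.yml

# Placeholder output; point it at your own cluster.
output.elasticsearch:
  hosts: ["localhost:9200"]
```

Run it with `.\winlogbeat.exe -e -c .\winlogbeat-evtx.yml`; since the registry records how far the file has been read, re-importing the same file requires a fresh registry file.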
