Hi,
I want to send my winlogbeat data to two different ES clusters. As far as I know, winlogbeat can't have several outputs.
Is there a way to run two winlogbeat instances with different configs on the same machine?
That's correct. Beats support a single output. It is possible to run more than one instance of the process assuming you modify the configs to use separate data directories.
To avoid duplicating the work that happens on the Windows machine you might want to consider adding a middle box like Logstash that can receive the Winlogbeat data and write it to multiple outputs.
1 Like
Is there a guide on how to do this? Also is it possible to run two different versions of winlogbeat too? for example 7.9.3 and something much older like 7.2?
There's no guide on this as the normal solution is the route the data with Logstash.
Unzip the packages you want to install to two different locations. Then I think the only change is to modify the install scripts before running them. Add a prefix or completely change the path.data and path.log values. It looks like this https://github.com/elastic/beats/blob/e50f6735d8846e75b41b8c769b5999eac11b8e2c/dev-tools/packaging/templates/windows/install-service.ps1.tmpl#L14. So you could change $env:PROGRAMDATA\winlogbeat to $env:PROGRAMDATA\winlogbeat-1 for example.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.