Send .evtx files to elastic cloud using winlogbeat

Hi everyone, I have more than 100 .evtx files that have to be sent to Elastic Cloud using Winlogbeat. I know the method to send files one by one using this post.

But it is a hectic process to provide the path of each file one by one to send .evtx logs to Elastic. Is there a way to send all logs in one go? A method like '/dir/path/ *.evtx' or '/dir/path/ *' is not working. It throws an error.

I would probably just script it with PowerShell to loop through each file and run Winlogbeat on that file so you don't have to do it manually.

Thank you, this seems a great approach!

I haven't written such a PowerShell script before. If you're an expert or experienced in it, then please share the script code. Meanwhile, let me try to get it done using a script. I have more than 500 log files, which seems nearly impossible to do manually.

Hi, the script called Winlogbeat-Bulk-Read.ps1 from this GitHub page should help you accomplish that.
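The per-file loop suggested in this thread, written out as an added example; it is not the Winlogbeat-Bulk-Read.ps1 script and not code from any poster. The paths, the `processed.txt` checkpoint file and the `winlogbeat-evtx.yml` config name are assumptions, and the config is assumed to pass the file in through an `EVTX_FILE` variable with `no_more_events: stop` so each run exits when the file has been read.

```powershell
# Added example: ingest every .evtx file under a directory, one Winlogbeat run per file.
# Assumed config (winlogbeat-evtx.yml), alongside your Elastic Cloud output settings:
#   winlogbeat.event_logs:
#     - name: ${EVTX_FILE}
#       no_more_events: stop
param(
    [string]$EvtxDir    = 'C:\evtx-import',                                   # assumed path
    [string]$Winlogbeat = 'C:\Program Files\Winlogbeat\winlogbeat.exe',       # assumed path
    [string]$Config     = 'C:\Program Files\Winlogbeat\winlogbeat-evtx.yml',  # assumed path
    [string]$DoneLog    = 'C:\evtx-import\processed.txt'                      # checkpoint file
)

# Files already shipped in an earlier run are skipped, so an interrupted
# batch can be restarted without duplicating events in Elasticsearch.
$done = @()
if (Test-Path -LiteralPath $DoneLog) {
    $done = @(Get-Content -LiteralPath $DoneLog)
}

$files  = @(Get-ChildItem -LiteralPath $EvtxDir -Filter *.evtx -File -Recurse |
            Sort-Object FullName)
$failed = @()

foreach ($f in $files) {
    if ($done -contains $f.FullName) { continue }

    Write-Host "Ingesting $($f.FullName)"
    # -E overrides a config setting; here it fills the ${EVTX_FILE} variable.
    & $Winlogbeat -e -c $Config -E "EVTX_FILE=$($f.FullName)"

    if ($LASTEXITCODE -eq 0) {
        Add-Content -LiteralPath $DoneLog -Value $f.FullName
    } else {
        Write-Warning "winlogbeat exited with code $LASTEXITCODE for $($f.FullName)"
        $failed += $f.FullName
    }
}

Write-Host ("Finished: {0} files found, {1} failed" -f $files.Count, $failed.Count)
if ($failed.Count -gt 0) { $failed | ForEach-Object { Write-Host "  FAILED: $_" } }
```

Failed files are not written to the checkpoint, so re-running the script retries only those.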
