Sending Windows logs to Elasticsearch or Logstash and viewing Windows event logs in Kibana

Hi, we set up an ELK stack on Windows Server 2016 and it's running smoothly. We have installed Metricbeat on three servers and they are forwarding the metrics without any issue. Now my boss needs to view Windows event logs in Kibana in a meaningful way. I installed and configured Winlogbeat on those same servers and I think they are forwarding the logs, but they aren't currently user friendly. I attached a screenshot of the data we get now. Actually I want something like this. If you can, please provide a complete guide to me on how to do this from scratch. Currently Winlogbeat is sending logs to Elasticsearch. The guide I found forwards them to Logstash. We have installed it but not configured it.

Thanks.

- this is what we currently have

- this is what we need.

https://blog.rootshell.be/2015/08/24/sending-windows-event-logs-to-logstash/ is the article.
