Is it possible for Winlogbeat to include a time counter, for example when it starts sending logs the time counter would start at 0 then go by minutes (or hours) when sending logs?
Or is there a way to capture Winlogbeat's up-time? Maybe have a field like this: "uptime":"18.30.11"
If this is not possible, would it be possible to parse this information in Logstash?
Winlogbeat has a monitoring feature that can send information, including uptime, to Elasticsearch.
Winlogbeat logs metrics every 30s that include uptime. You can configure Winlogbeat to write its logs to the Application event log such that it forwards its own logs. Then parse that log message to get the uptime (best to configure Winlogbeat to write JSON so it's easy to parse).
Thanks for the response, is it also possible to calculate the up-time for each beat using the timestamp in Logstash?
I tried logging to the event log, but it sends too many logs and doesn't capture the up-time every time. I just want to collect the amount of time that each beat runs in a separate field, if that's possible?
You could filter what Winlogbeat logs are forwarded by using a processor such that it only sends the metric events that contain uptime.
I can't think of any way to calculate the value since you don't know the start time. You can get the uptime from the logs, the built-in monitoring feature, or the HTTP monitoring API.
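An added example, not part of the thread and not Elastic's code: a small parser for the JSON metric log lines discussed above that keeps only the lines carrying uptime and renders it in the "18.30.11" form asked for. The nested field path `monitoring.metrics.beat.info.uptime.ms`, the sample lines, and the function names are assumptions made for illustration.

```python
import json

# Constructed sample lines in the shape of Winlogbeat JSON logging output.
# Assumption: uptime lives at monitoring.metrics.beat.info.uptime.ms.
SAMPLE_LINES = [
    '{"level":"info","logger":"monitoring","message":"Non-zero metrics in the last 30s",'
    '"monitoring":{"metrics":{"beat":{"info":{"uptime":{"ms":66611000}}}}}}',
    # A metrics snapshot that carries no uptime value.
    '{"level":"info","logger":"monitoring","message":"Non-zero metrics in the last 30s",'
    '"monitoring":{"metrics":{"libbeat":{"output":{"events":{"acked":12}}}}}}',
    # An ordinary log line and a non-JSON line; both must be skipped.
    '{"level":"info","logger":"publisher","message":"Beat name: HOST-A"}',
    'not json at all',
]

UPTIME_PATH = ("monitoring", "metrics", "beat", "info", "uptime", "ms")


def extract_uptime_ms(line):
    """Return uptime in milliseconds, or None if the line has no usable value."""
    try:
        node = json.loads(line)
    except ValueError:
        return None
    for key in UPTIME_PATH:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    # Reject booleans (a subclass of int), non-numbers and negative values.
    if isinstance(node, bool) or not isinstance(node, (int, float)) or node < 0:
        return None
    return int(node)


def format_uptime(ms):
    """Render milliseconds as HH.MM.SS; hours are not wrapped at 24."""
    hours, rem = divmod(ms // 1000, 3600)
    minutes, seconds = divmod(rem, 60)
    return f"{hours:02d}.{minutes:02d}.{seconds:02d}"


def enrich(lines):
    """Keep only lines that contain uptime and attach both representations."""
    out = []
    for line in lines:
        ms = extract_uptime_ms(line)
        if ms is not None:
            out.append({"uptime_ms": ms, "uptime": format_uptime(ms)})
    return out
```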