I have a use case scenario where I have to manually upload and parse Windows logs to Elasticsearch by using exported .evtx files. Splunk handles this fine with the "oneshot" command and I was wondering if anyone in this forum found a similar solution with Winlogbeat or tools that is utilizing Winlog…

Upload and parse exported .evtx files to Elasticsearch

andrewkroh (Andrew Kroh) April 12, 2019, 2:20pm 7

You can download a snapshot build from here just to test it out. (It's not released yet.)

Winlogbeat can't ingest archived .evtx files

Topic		Replies	Views
Import Saved Windows Event Logs Beats winlogbeat	5	9127	May 31, 2017
Forward Archived .evtx files Beats winlogbeat	6	30	October 24, 2024
How to send evtx files to logstash via FIlebeat? Beats filebeat	3	4192	January 6, 2020
Manually upload Winlogbeat ndjson files to Elasticsearch Beats winlogbeat	7	935	July 11, 2022
Importing .evtx files to ELK using WinLogBeat Beats beats-module , winlogbeat	2	1316	November 17, 2021