There is no support for wildcards today. It's not too hard to generate the configuration file if you are using some kind of CM tool (like Ansible) to manage the installation and config. You could generate a one-off config using the script below.
I agree the file does get big, but it's quite straight forward to manage. You know exactly what logs are going to be read.
If wildcard support was added, I would want it to periodically check for new event logs. This is the one thing that you won't get with a generated config file. You can open an enhancement request for this feature in elastic/beats so that it is tracked with the others requests and does not get forgotten. There are other feature requests (adding the event parameters #1053 and filtering) that will be worked first. We welcome contributions to the project if you want to add this feature yourself.
generate-winlogbeat-config.ps1
$lines = @"
winlogbeat:
event_logs:
"@
Get-WinEvent -ListLog * | ForEach-Object {$lines += " - name: $($_.LogName)`n"}
$lines += @"
output:
elasticsearch:
hosts:
- localhost:9200
logging:
to_files: true
files:
path: C:/ProgramData/winlogbeat/Logs
level: info
"@
Out-File -InputObject $lines -FilePath winlogbeat.all.yml
PS C:\vagrant\winlogbeat> .\generate-winlogbeat-config.ps1
PS C:\vagrant\winlogbeat> .\winlogbeat.exe -c .\winlogbeat.all.yml -e -v