I am trying to ingest DNSServer Analytics logs to my ELK stack (V-8.14), but the logs are not getting ingested. Below are the configurations I added in my elastic-agent.yml file:
Trial 1:
- type: etw
id: etw-dnsserver
enabled: true
provider.name: Microsoft-Windows-DNSServer
session_name: DNSServer-Analytical
trace_level: verbose
match_any_keyword: 0x8000000000000000
match_all_keyword: 0
Trial 2: using the path of the file,
- type: etw
  enabled: true
  id: etw-dnsserver-session
  file: "C:\WINDOWS\System32\Winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl"
I got these configurations from the Elastic documentation: ETW input | Filebeat Reference [8.15] | Elastic
I also tried directly with Filebeat using the path, but the data comes in an encoded format which was not readable.
Elastic stack version: 18.4
Elastic agent version: 18.4