Windows Event Log connector with Logstash

RemyB · February 14, 2024, 12:59pm

Hello all,

I would like to thank you in advance for your time reading my following issue :
In order to install the windows integrations (Windows Event Logs/Windows) and benefit from the provided visualisations and the rules from Elastic Security, I'm trying to setup the integration by modifying the winlogbeat.yml in the Winlogbeat install directory by adding :

output.elasticsearch:
hosts: ["<es_url>"]
username: "elastic"
password: ""
setup.kibana:
host: "<kibana_url>"

However, we use Logstash between the winlogbeat (installed on WEF) and Elasticsearch and I could not figure out which setup to implement making the log appearing in the stream and from the connector.

Does the setup need to be the same when Logstash is used ? Is it going to duplicate the events by adding output.elasticsearch in the winlogbeat config ?

Thank you in advance for your help on this and sorry if the subject has been treated yet in the portal.

Regards,

Remy

leandrojmp · February 14, 2024, 1:07pm

All beats only support one output, so if you need Logstash between your beat and Elasticsearch, then you need to configure the Logstash output.

Check this documentation with the steps to configure the Logstash output.

system · March 13, 2024, 1:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configure Winlogbeat to use Logstash and setup kibana dashboards at once Beats winlogbeat	6	38	September 11, 2024
A question about Winlogbeat configuration Beats winlogbeat	5	682	September 20, 2017
Winlogbeat only last log shows in Kibana Beats winlogbeat	6	485	November 29, 2018
Unable to see winlogbeat events Beats winlogbeat	8	1703	July 31, 2020
Winlogbeat: Output to Logstash or Elasticsearch Elasticsearch	1	416	July 5, 2017

Windows Event Log connector with Logstash

Related topics