Hi everyone, new here (:
I have a question regarding Windows logs collected via Elastic Agent + Fleet.
In some integrations (like windows - sysmon..) where I expect to see agent.type = winlogbeat, I instead see agent.type = filebeat.
Does this difference affect the format of the Windows event logs, or is it just a naming/agent-type label while the actual ingestion format remains identical to standard Winlogbeat logs?
Thanks!
Hi @shalev_aviram Welcome to the community.
The agent.type is less important than the data_stream.type and data_stream.dataset
agent.type will be filebeat for the windows logs / events etc.
Identical... that is a bit tough as the agents tend to have slightly different metat data fields but yes they are essentially the same and of course improvements are made with versions.
I think you may need to do a direct comparison of the exported fields if you want to do a detailed comparison.
Elastic Integration
Winlogbeat
Many users have migrated from Winlog beat to Elastic Agen
Thank you very much! this was very helpful
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.