Winlogbeat 5.0
config output.file
Run winlogbeat updates the winlogbeat data from the Windows event log.
Any new event log does not get captured onto the winlogbeat data.
Using the same wnlogbeat.yml config file (slightly reconfigured for syntax) works on v.1.3.1 - the winlogbeat updates every 30 secs with new event logs from Windows.
Is this bug on 5.0 ?
Note: I'm not publishing to logstash at all yet, just trying to run winlogbeat sending event logs to a local output file.
Jojo
Please post the configuration that you are using and the log output from Winlogbeat.
I'm sorry to say I am incorrect on my observation. Winlogbeat 5.0 is definitely updating. I could not see the file update because the file modified stamp is not changing plus the tail program I use is not dynamically updating. If I re-open the data outfile it shows the new event log. Sorry for the false alarm. JP
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.