Winlogbeat 6.0.0 Registry File

Elastic Stack Beats
1

Hi,

I noticed that in 6.0 the registry file in c:\ProgramData\winlogbeat.winlogbeat.yml isn't populating the same - am i missing something or is this intentional?

6.0.0

update_time: 2017-12-05T15:16:38.2530588Z
event_logs:
- name: wineventlog
  record_number: 528669
  timestamp: 2017-12-05T15:16:31.1188124Z

5.5.2

update_time: 2017-12-05T15:16:07.841893Z
event_logs:
- name: Application
  record_number: 250502
  timestamp: 2017-12-05T15:16:02.6721303Z
- name: Microsoft-Windows-Diagnostics-Performance/Operational
  record_number: 204
  timestamp: 2017-11-28T00:27:30.1588877Z
- name: System
  record_number: 137622
  timestamp: 2017-12-05T15:08:40.0562157Z
2

This is definitely a bug. Please open a new issue on Github for this.

The name should be set to e.Channel rather than e.API. This must have been introduced when we did a refactoring in 6.0 that allows Winlogbeat to be reading a batch and sending concurrently.

3

Thanks for the clarification. Also I noticed something that also may be related -

Whenever winlogbeat service is restarted the .winlogbeat.yml is reset and the logs are reset.

4

That sounds like symptom of the bug rather than a second issue.

5
6

This topic was automatically closed after 21 days. New replies are no longer allowed.