Winlogbeat and Grafana Loki

hack3rcon · February 8, 2025, 9:51am

Hello,
I want to send Windows Event ID 4066 to Grafana Loki server with IP address 192.168.1.2 via Winlogbeat. I wrote the following configuration file:

winlogbeat.event_logs:
  - name: Application
    event_id: 4066
  - name: Security
    event_id: 4066
  - name: System
    event_id: 4066

output.loki:
  hosts: ["http://192.168.1.2:3100"]
  labels:
    job: "windows_event_logs"
  static_labels:
    source: "windows"
    event_id: "4066"

processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: {}
  - add_docker_metadata: {}
  - add_kubernetes_metadata: {}
  - drop_event:
      when:
        not:
          equals:
            event.id: 4066

When I try to restart the winlogbeat service, I get error 1053.

How to solve it?

Thank you.

leandrojmp · February 8, 2025, 12:45pm

There is no output.loki, Winlogbeat or any other beats, does not support sending data directly to Loki, not sure from where you got this configuration as this does not exist.

The supported outputs are mentioned here.

hack3rcon · February 9, 2025, 1:37pm

Hi,
Thank you so much.

Topic		Replies	Views
Winlogbeat can't send event id 4663, 4660 Beats	1	787	January 13, 2019
Ipadress shown in kibana from winlogbeats Beats winlogbeat	2	866	December 4, 2017
WINLOGBEAT-NIFI-LISTENBEATS1.18.0 don't work correctly Beats winlogbeat	3	408	November 21, 2022
Filtering Winlogbeat on Event ID Beats winlogbeat	8	10083	July 5, 2017
Winlogbeats not exporitng event.id or xml data Beats winlogbeat	10	1228	July 6, 2018

Winlogbeat and Grafana Loki

Related topics