Winlogbeat deploy via GPO

Yes, two-step process, both ran under "Computer"

  1. Preferences > Windows Settings > Files and make a copy of the Winlogbeat source files to the local PC; also make subdirectories for the data and logs folders.

  2. Policies > Windows Settings > Scripts > Startup and run the PowerShell to install it. I'll paste the code that I used below.

    # Delete the service if it already exists
    if (Get-Service winlogbeat -ErrorAction SilentlyContinue) {
        $service = Get-WmiObject -Class Win32_Service -Filter "name='winlogbeat'"
        $service.StopService()
        Start-Sleep -s 1
        $service.delete()
    }

    $workdir = Split-Path $MyInvocation.MyCommand.Path

    # Create the new service. The inner quotes are escaped with backticks so each
    # path is quoted inside the service's command line. -path.home has no trailing
    # backslash, because a backslash before the closing quote would escape it.
    New-Service -name winlogbeat -displayName winlogbeat `
        -binaryPathName "`"C:\Program Files\winlogbeat\winlogbeat.exe`" -c `"C:\Program Files\winlogbeat\winlogbeat.yml`" -path.home `"C:\Program Files\winlogbeat`" -path.data `"C:\ProgramData\winlogbeat`" -path.logs `"C:\ProgramData\winlogbeat\logs`""

    # Start the service
    Start-Service winlogbeat

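A post-deployment check for the service this startup script creates, as an added example that is not part of the original post: it confirms that the executable path in the service's command line is quoted (the install directory contains a space) and that the files and folders from both GPO steps are present. The function name `Test-WinlogbeatDeployment` is hypothetical; the paths are the ones used in the post.

```powershell
# Added example, not from the original post. The function name is hypothetical;
# the default paths are the ones the post's script uses.
function Test-WinlogbeatDeployment {
    param(
        [string]$InstallDir = 'C:\Program Files\winlogbeat',
        [string]$DataDir    = 'C:\ProgramData\winlogbeat'
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='winlogbeat'"
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'Service registered'; Passed = $false }
    }

    $exe = Join-Path $InstallDir 'winlogbeat.exe'
    $cfg = Join-Path $InstallDir 'winlogbeat.yml'

    # The install directory contains a space, so the executable must be wrapped
    # in double quotes in the service command line. An unquoted path with spaces
    # is ambiguous to the service control manager.
    $quotedExe = $null
    if ($svc.PathName -match '^"([^"]+)"') { $quotedExe = $Matches[1] }

    $checks = [ordered]@{
        'Service registered'          = $true
        'Executable path is quoted'   = [bool]$quotedExe
        'Executable path as expected' = ($quotedExe -eq $exe)
        'Executable present'          = (Test-Path -LiteralPath $exe -PathType Leaf)
        'Config present'              = (Test-Path -LiteralPath $cfg -PathType Leaf)
        'Data folder present'         = (Test-Path -LiteralPath $DataDir -PathType Container)
        'Logs folder present'         = (Test-Path -LiteralPath (Join-Path $DataDir 'logs') -PathType Container)
        'Start mode is automatic'     = ($svc.StartMode -eq 'Auto')
        'Service is running'          = ($svc.State -eq 'Running')
    }

    # Emit one object per check so the result can be filtered or exported.
    foreach ($entry in $checks.GetEnumerator()) {
        [pscustomobject]@{ Check = $entry.Key; Passed = [bool]$entry.Value }
    }
}

# List only the failed checks on the local machine.
Test-WinlogbeatDeployment | Where-Object { -not $_.Passed } | Format-Table -AutoSize
```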