Hi,
I am wondering if it is possible to have a winlogbeat output to multiple events? So ideally I would like it to ship to my elasticsearch cluster but also output to a file (ideally a flat file) if anyone knows if that is possible?
thanks
Ian
hi @iccMe, unfortunately, Winlogbeat or any other beat doesn't support multiple output. (we briefly mention in the docs https://www.elastic.co/guide/en/beats/winlogbeat/current/configuring-output.html).
You might have to run a second instance of Winlogbeat or look into the possibility of sending the data to Logstash and then to multiple outputs.