I've read several posts here regarding getting Winlogbeat to send logs to an ELK server. However, these haven't helped me get it working. As I usually do, I probably am missing something simple.
I already have Filebeat, Topbeat, and Packetbeat working, so I'm fairly certain that my ELK configs are correct; I can post these if it would help with a solution. My winlogbeat.yml file looks like this:
winlogbeat:
  registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
  event_logs:
    - name: Application
    - name: Security
    - name: System
output:
  logstash:
    hosts: ["10.0.101.101:5044"]
    template:
      # Template name. By default the template name is winlogbeat.
      #name: "winlogbeat"
      # Path to template file
      #path: "winlogbeat.template.json"
      # Overwrite existing template
      #overwrite: false
    tls:
      certificate_authorities: ["C:/Program Files/Winlogbeat/logstash-forwarder.crt"]
logging:
  to_files: true
  files:
    path: C:/ProgramData/winlogbeat/Logs
  level: info
I read in a Googled post that someone had copied winlogbeat.template.json to the ELK server, and initialized it with "curl -XPOST 'http://10.0.101.101:9200/_template/winlogbeat?pretty' -d @/home/me/winlogbeat.template.json", and that that made his setup work. I tried that, but no joy.
Help would be appreciated.