Hey there everyone,
I'm just wondering if anyone has ran into this issue or encountered what I have been struggling with. At this point in time I am using winlogbeat on a Domain Controller running windows 2012 R2 and I am trying to have it ship the "security" logs, "system" logs and "dns server" logs to a machine that is running logstash.
For some reason winlogbeat will only send events from the first of the three that shows up in the config file. For testing I have even tried using the default winlogbeat.full.yml yet the results are the same.
If I adjust the order in which the log names are listed within the config than the logs being sent will also adjust in-relation to the change made. Its as though winlogbeat wants to only send a max of one log type...
Any suggestions or config changes would be gladly excepted! Thanks for the assistance and everyone have a wonderful day,
Also, the version of all components is 5.4.3...
Cheers,