Winlogbeats path based on date

witkacy · April 15, 2021, 12:49am

Hello,

Is it possible put result logs to file/folder with name based on actual time?

So that for each day I would have separate folder with logs like

c:/tmp/20210415/logFile1...
c:/tmp/20210416/logFile1...
c:/tmp/20210417/logFile1...

winlogbeat.event_logs:
  - name: test
    ignore_older: 1h
    processors:
      - drop_fields:
            fields: ["host", "log", "event", "winlog"]
      - drop_event:
            when:
                not:
                    contains:
                        message: StatusCode=200 OK
      
setup.template.settings:

setup.kibana:

output.file:
  path: "C:/tmp/test_log_new" 
  filename: winlogbeat

mtojek · April 15, 2021, 8:35am

I'm afraid that you have to configure a custom logrotation mechanism, additionally to filebeat or simply push your data further to ES.

system · May 13, 2021, 10:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.