WARNING: Version 6.2 of Winlogbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Start the Winlogbeat service with the following command. If you are accessing a secured Elasticsearch cluster, make sure you’ve configured credentials as described in Step 2: Configure Winlogbeat.
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
Winlogbeat should now be running. If you used the configuration described here,
then you can view the log file at
You can view the status of the service and control it from the Services management console in Windows. To launch the management console, run this command:
PS C:\Program Files\Winlogbeat> services.msc
Stop the Winlogbeat service with the following command:
PS C:\Program Files\Winlogbeat> Stop-Service winlogbeat