Start the Winlogbeat service with the following command. If you are accessing a secured Elasticsearch cluster, make sure you’ve configured credentials as described in Step 2: Configure Winlogbeat.
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
Winlogbeat should now be running. If you used the configuration described here,
then you can view the log file at
You can view the status of the service and control it from the Services management console in Windows. To launch the management console, run this command:
PS C:\Program Files\Winlogbeat> services.msc
Stop the Winlogbeat service with the following command:
PS C:\Program Files\Winlogbeat> Stop-Service winlogbeat