• Winlogbeat Reference: 8.196.4other versionsother versions: 8.198.188.178.168.158.148.138.128.118.108.98.88.78.68.58.48.38.28.18.07.177.167.157.147.137.127.117.107.97.87.77.67.57.47.37.27.17.06.86.76.66.56.46.36.26.16.05.65.55.45.35.25.15.01.31.21.1
• Overview
• Getting Started With Winlogbeat
  • Step 1: Install Winlogbeat
  • Step 2: Configure Winlogbeat
  • Step 3: Configure Winlogbeat to use Logstash
  • Step 4: Load the index template in Elasticsearch
  • Step 5: Set up the Kibana dashboards
  • Step 6: Start Winlogbeat
  • Step 7: View the sample Kibana dashboards
• Setting up and running Winlogbeat
  • Directory layout
  • Secrets keystore
  • Command reference
  • Stopping Winlogbeat
• Upgrading Winlogbeat
• Configuring Winlogbeat
  • Set up Winlogbeat
  • Specify general settings
  • Configure the internal queue
  • Configure the output
    • Elasticsearch
    • Logstash
    • Kafka
    • Redis
    • File
    • Console
    • Cloud
    • Change the output codec
  • Specify SSL settings
  • Filter and Enhance the exported data
    • Define processors
    • Add cloud metadata
    • Add the local time zone
    • Decode JSON fields
    • Drop events
    • Drop fields from events
    • Keep fields from events
    • Rename fields from events
    • Add Kubernetes metadata
    • Add Docker metadata
    • Add Host metadata
    • Dissect strings
  • Parse data by using ingest node
  • Set up project paths
  • Set up the Kibana endpoint
  • Load the Kibana dashboards
  • Load the Elasticsearch index template
  • Configure logging
  • Use environment variables in the configuration
  • YAML tips and gotchas
  • HTTP Endpoint
  • winlogbeat.reference.yml
• Exported fields
  • Beat fields
  • Cloud provider metadata fields
  • Common Winlogbeat fields
  • Docker fields
  • Event log record fields
  • Host fields
  • Kubernetes fields
• Monitoring Winlogbeat
  • Configuration options
• Securing Winlogbeat
  • Secure communication with Elasticsearch
  • Secure communication with Logstash by using SSL
  • Use X-Pack security
    • Configure authentication credentials
    • Grant users access to Winlogbeat indices
    • Configure Winlogbeat to use encrypted connections
    • Set the password for the beats_system built-in user
  • Use Linux Secure Computing Mode (seccomp)
• Troubleshooting
  • Get Help
  • Debug
  • Frequently asked questions
• Contributing to Beats