Configure the Console outputedit

The Console output writes events in JSON format to stdout.

The Console output should be used only for debugging issues as it can produce a large amount of logging data.

To use this output, edit the Winlogbeat configuration file to disable the Elasticsearch output by commenting it out, and enable the console output by adding output.console.

Example configuration:

output.console:
  pretty: true

Configuration optionsedit

You can specify the following options in the console section of the winlogbeat.yml config file:

prettyedit

If pretty is set to true, events written to stdout will be nicely formatted. The default is false.

codecedit

Output codec configuration. If the codec section is missing, events will be json encoded using the pretty option.

See Change the output codec for more information.

enablededit

The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled.

The default value is true.

bulk_max_sizeedit

The maximum number of events to buffer internally during publishing. The default is 2048.

Specifying a larger batch size may add some latency and buffering during publishing. However, for Console output, this setting does not affect how events are published.

Setting bulk_max_size to values less than or equal to 0 disables the splitting of batches. When splitting is disabled, the queue decides on the number of events to be contained in a batch.