Lightweight Shipper for Windows Event Logs
Keep a pulse on what’s happening across your Windows-based infrastructure. Winlogbeat live streams Windows event logs to Elasticsearch and Logstash in a lightweight way.
Read from Any Windows Event Log Channel
There’s a lot to learn from your Windows event logs. Interested in security events like logons (4624) and logon failures (4625)? How about when a USB storage device is attached (4663) or new software is installed (11707)? Winlogbeat can be configured to read from any event log channel. It also ships raw event data in a structured format to make filtering and aggregating in Elasticsearch easier than ever before.
It Doesn't Miss a Beat
Spool your Windows event logs to disk so your pipeline doesn’t skip a data point — even when interruptions such as network issues occur. Winlogbeat holds onto incoming data and then ships your logs to Elasticsearch or Logstash when things are back online.
Ship to Elasticsearch or Logstash. Visualize in Kibana.
Winlogbeat is part of the Elastic Stack, meaning it works seamlessly with Logstash, Elasticsearch, and Kibana. Whether you want to apply a bit more transformation muscle to Windows event logs with Logstash, fiddle with some analytics in Elasticsearch, or build and share dashboards in Kibana, Winlogbeat makes it easy to ship your data to where it matters most.