Lightweight Shipper for Windows Event Logs

Keep a pulse on what’s happening across your Windows-based infrastructure. Winlogbeat live streams Windows event logs to Elasticsearch and Logstash in a lightweight way.


New: Compatibility with the Elastic Common Schema makes ingesting data with Winlogbeat even easier in 7.0.

Read from Any Windows Event Log Channel

There’s a lot to learn from your Windows event logs. Interested in security events like logons (4624) and logon failures (4625)? How about when a USB storage device is attached (4663) or new software is installed (11707)? Winlogbeat can be configured to read from any event log channel. It also ships raw event data in a structured format to make filtering and aggregating in Elasticsearch easier than ever before.

It Doesn't Miss a Beat

Spool your Windows event logs to disk so your pipeline doesn’t skip a data point — even when interruptions such as network issues occur. Winlogbeat holds onto incoming data and then ships your logs to Elasticsearch or Logstash when things are back online.

Ship to Elasticsearch or Logstash. Visualize in Kibana.

Winlogbeat is part of the Elastic Stack, meaning it works seamlessly with Logstash, Elasticsearch, and Kibana. Whether you want to apply a bit more transformation muscle to Windows event logs with Logstash, fiddle with some analytics in Elasticsearch, or build and share dashboards in Kibana, Winlogbeat makes it easy to ship your data to where it matters most.

Get Started with Winlogbeat

Installation is lightweight, easy, and kinda fun.


Open and free to use.