I’ve dug through the new documentation and (attempted) several collector configurations, but have had no luck.
I have cases where I want both the Windows events, and an A/V flatfile log. Documentation states “The Windows Sidecar package already includes Filebeat and Winlogbeat.” - but it does not cover how to configure both WinLogBeats and FileBeats in the same configuration. What am I missing?
Can someone post a working example so I can see the proper structure?
Thanks!
-Jim
This can be closed - I got it working with a manually built config.
What did you do to fix it? I am still getting an error on mine - what are your collector configuration settings?
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: <node name>
fields.gl2_source_collector: <node id>
output.logstash:
hosts:
- ${user.LoadBalancer}
ssl:
verification_mode: none
path:
data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
logs: C:\Program Files\Graylog\sidecar\logs
tags:
- windows
filebeat:
inputs:
- type: log
paths:
- C:\Users\jforster\testing.logTested it out and it worked!! thanks!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.