Graylog 3.0 Winlogbeat help

Hello,

I’m pretty new to Graylog and I’ve got a decent setup running right now. What I am having trouble with is the yml syntax for the logbeat collector configuration. Is anybody out there customizing the default Winlogbeat config to parse down the logs being sent to Graylog at the source (on the server with the sidecar installed)? If so, would anybody mind sharing some of their configs?

Also, how do you all verify your yml syntax is correct? I’m newish to yml and it’s super picky on spacing.

Below is one of the configs that was given to me by a fellow engineer, and I’m getting errors at the sidecar server which say **"[winlogbeat] Validation command output: Exiting: error loading config file: yaml: line 17: did not find expected key\n"**. Is it my spacing indentation? Line 17 is the first ignore_older: 48h in the example link below.

Hey @mttmm

You need to fix the indentation - as the error indicates. Please see the winlogbeat configuration:

https://www.elastic.co/guide/en/beats/winlogbeat/6.8/configuration-winlogbeat-options.html

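For the question above about checking yml spacing before the sidecar rejects a config, here is an added example (not from the thread or from Graylog/Elastic): a standard-library indentation pre-check for block-style YAML. The function name `lint_indentation`, both sample configs and the host name are constructed for illustration; it does not handle flow style, block scalars or multi-line values.

```python
def lint_indentation(text):
    """Return [(line_no, message)] for indentation faults in block-style YAML."""
    problems = []
    levels = [0]          # columns at which a key may currently start
    opens_block = False   # previous line was "key:" with no value
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        lead = raw[:len(raw) - len(raw.lstrip())]
        if "\t" in lead:
            problems.append((no, "tab in indentation"))
            continue
        col = len(lead)
        if col > levels[-1]:
            if not opens_block:
                problems.append((no, "deeper than a key that already has a value"))
            levels.append(col)
        else:
            while levels[-1] > col:
                levels.pop()
            if levels[-1] != col:
                problems.append((no, "indentation matches no enclosing level"))
                levels.append(col)
        if stripped.startswith("- "):
            # keys of a list item must line up with the text after the dash
            rest = stripped[1:]
            levels.append(col + 1 + len(rest) - len(rest.lstrip()))
            stripped = rest.lstrip()
        opens_block = stripped.endswith(":")
    return problems

# Constructed sample: lines 5 and 7 are misindented on purpose.
SAMPLE_BAD = """\
winlogbeat.event_logs:
  - name: Application
    ignore_older: 48h
  - name: Security
   ignore_older: 48h
  - name: System
      ignore_older: 48h
output.logstash:
  hosts: ["graylog.example.org:5044"]
"""
# Corrected form: every key of a list item sits in the same column.
SAMPLE_GOOD = SAMPLE_BAD.replace("\n   ignore", "\n    ignore").replace(
    "\n      ignore", "\n    ignore")

if __name__ == "__main__":
    for line_no, message in lint_indentation(SAMPLE_BAD):
        print(f"line {line_no}: {message}")
```

Winlogbeat's own `test config` subcommand remains the authoritative check, since it also validates option names and values.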