Winlogbeat configuration - need help

Radim · June 5, 2020, 6:01am

Hello
I hope someone could help me

I want to collect ALL events of level Critical, Error and Warning + from level Information JUST events id 1074, 6005, 6006, 6008. (Due to monitoring restart/shutdown of servers).
How to configure it?
I tried this, but it did not work :

name: System
ignore_older: 10h
level: critical, error, warning
level: information
event_id: 1074, 6005, 6006, 6008

I received only Information events id 1074, 6005, 6006, 6008 but NO events of Critical, Error and Warning level

system · June 19, 2020, 6:01am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combining Processor functions for Winlogbeat Graylog Central (peer support) sidecar , winlogbeat	1	403	August 12, 2019
How to view Critical Events Graylog Central (peer support) sidecar , winlogbeat	3	910	March 24, 2020
Winlogbeat configuration - snippets Graylog Central (peer support) sidecar , winlogbeat	2	4143	July 16, 2018
Sidecar + WinLogBeat: Problem with JSON? Graylog Central (peer support) sidecar , winlogbeat	1	874	August 3, 2017
Help with Winlogbeat config Graylog Central (peer support) sidecar , winlogbeat	3	3731	December 16, 2019

Winlogbeat configuration - need help

Related topics