Winlogbeat configuration - need help

Radim · June 5, 2020, 6:01am

Hello
I hope someone could help me

I want to collect ALL events of level Critical, Error and Warning + from level Information JUST events id 1074, 6005, 6006, 6008. (Due to monitoring restart/shutdown of servers).
How to configure it?
I tried this, but it did not work :

name: System
ignore_older: 10h
level: critical, error, warning
level: information
event_id: 1074, 6005, 6006, 6008

I received only Information events id 1074, 6005, 6006, 6008 but NO events of Critical, Error and Warning level

system · June 19, 2020, 6:01am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combining Processor functions for Winlogbeat Graylog Central (peer support) sidecar , winlogbeat	1	373	August 12, 2019
Winlogbeat configuration - snippets Graylog Central (peer support) sidecar , winlogbeat	2	4067	July 16, 2018
Sidecar + WinLogBeat: Problem with JSON? Graylog Central (peer support) sidecar , winlogbeat	1	836	August 3, 2017
Help with Winlogbeat config Graylog Central (peer support) sidecar , winlogbeat	3	3487	December 16, 2019
Winlogbeats, filtering event ids to send to graylog server Graylog Central (peer support)	4	461	February 22, 2023

Winlogbeat configuration - need help

Related Topics