Winlogbeat snippets

Can someone point me in the direction of some working documentation, with examples on using snippets to bend winlogbeat to my needs?

I’ve tried a couple of things that I found around, but none seem to work, always throwing errors and preventing winlogbeat from starting.

When I tried

-name: Security
event_id: 4624, 4688, 4673

It didn’t seem too happy with it (did not find expected key).

When I tried the same as a yaml fragment, it said “could not find expected ‘:’”

I’ve since come to understand my issues are because I set the beats output to localhost and not the Graylog server (rookie mistake).
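For reference, a Winlogbeat fragment that parses and ships only the three Security event IDs mentioned above. This is an added example, not part of the original post: the host name `graylog.example.org` and port 5044 are placeholders for your own Graylog Beats input.

```yaml
# Added example; host and port below are placeholders, not values from the post.

# event_logs is a YAML list: each entry starts with "- " (dash, then a space).
# "-name:" without the space is read as a key literally called "-name",
# so the entry is never recognised as a list item.
winlogbeat.event_logs:
  - name: Security
    # Keys of the same entry line up under "name", not under the dash.
    # event_id takes a comma-separated list; ranges such as 4700-4800 also work.
    event_id: 4624, 4688, 4673

# Beats talk to a Graylog Beats input through the logstash output.
# Pointing this at localhost keeps the events on the Windows machine
# unless Graylog itself runs there.
output.logstash:
  hosts: ["graylog.example.org:5044"]
```

Running `winlogbeat test config -c winlogbeat.yml` reports YAML parse errors before the service is restarted, and `winlogbeat test output` checks that the configured host is reachable.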
