Winlogbeat snippets

sparkblaze · July 31, 2017, 12:23pm

Can someone point me in the direction of some working documentation, with examples on using snippets to bend winlogbeat to my needs?

I’ve tried a couple of things that I found around, but none seem to work, always throwing errors and preventing winlogbeat from starting.

when I tried

-name: Security
event_id: 4624, 4688, 4673

It didn’t seem too happy with it (did not find expected key).

When I tried the same as a yaml fragment, it said “could not find expected ‘:’”

EDIT:
I’ve seen come to understand my issues are because I set the beats output to localhost and not the graylog server (rookie mistake).

system · August 14, 2017, 12:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Collector configuration of winlogbeat snippets were not working in graylog Graylog Central (peer support) sidecar , winlogbeat	2	1166	February 23, 2018
Graylog 3.0 Winlogbeat help Graylog Central (peer support) sidecar , winlogbeat	2	3547	June 17, 2019
Winlogbeat "publishes" fine but specific events aren't seen in Graylog Graylog Central (peer support) sidecar , winlogbeat	1	1058	April 13, 2021
Winlogbeat configuration - snippets Graylog Central (peer support) sidecar , winlogbeat	2	4143	July 16, 2018
Winlogbeat drop_event.when.not.or: not working - Sidecar Version 1.5, Graylog 5.2 Graylog Central (peer support) sidecar , winlogbeat	4	704	December 11, 2023