WARNING: Version 1.1 of Winlogbeat has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Step 3: Configuring Winlogbeat to Use Logstash Step 5: Starting Winlogbeat »
Elastic Docs Winlogbeat Reference [1.1] Getting Started With Winlogbeat

Step 4: Loading the Index Template in Elasticsearch

edit

Step 4: Loading the Index Template in Elasticsearch

edit

Before starting Winlogbeat, you need to load the index template, which lets Elasticsearch know which fields should be analyzed in which way.

The recommended template file is installed by the Winlogbeat packages. Load it with the following command:

PS C:\Program Files\Winlogbeat> Invoke-WebRequest -Method Put -InFile winlogbeat.template.json -Uri http://localhost:9200/_template/winlogbeat?pretty

where localhost:9200 is the IP and port where Elasticsearch is listening.

« Step 3: Configuring Winlogbeat to Use Logstash Step 5: Starting Winlogbeat »