Winlogbeat command reference
Winlogbeat provides a command-line interface for starting Winlogbeat and performing common tasks, like testing configuration files and loading dashboards.
The command-line interface also supports global flags for controlling global behaviors.
Commands | |
---|---|
export | Exports the configuration, index template, or a dashboard to stdout. |
help | Shows help for any command. |
keystore | Manages the secrets keystore. |
run | Runs Winlogbeat. This command is used by default if you start Winlogbeat without specifying a command. |
setup | Sets up the initial environment, including the index template, Kibana dashboards (when available), and machine learning jobs (when available). |
test | Tests the configuration. |
version | Shows information about the current version. |
Also see Global flags.
export command
Exports the configuration, index template, or a dashboard to stdout. You can use this command to quickly view your configuration, see the contents of the index template, or export a dashboard from Kibana.
SYNOPSIS
winlogbeat export SUBCOMMAND [FLAGS]
SUBCOMMANDS
- config
  Exports the current configuration to stdout. If you use the -c flag, this command exports the configuration that’s defined in the specified file.
- dashboard
  Exports a dashboard. You can use this option to store a dashboard on disk in a module and load it automatically. For example, to export the dashboard to a JSON file, run:

  winlogbeat export dashboard --id="DASHBOARD_ID" > dashboard.json

  To find the DASHBOARD_ID, look at the URL for the dashboard in Kibana. By default, export dashboard writes the dashboard to stdout. The example shows how to write the dashboard to a JSON file so that you can import it later. The JSON file will contain the dashboard with all visualizations and searches. You must load the index pattern separately for Winlogbeat.

  To load the dashboard, copy the generated dashboard.json file into the kibana/6/dashboard directory of Winlogbeat, and run winlogbeat setup --dashboards to import the dashboard.

  If Kibana is not running on localhost:5061, you must also adjust the Winlogbeat configuration under setup.kibana.
- template
  Exports the index template to stdout. You can specify the --es.version and --index flags to further define what gets exported.
FLAGS
- --es.version VERSION
  When used with template, exports an index template that is compatible with the specified version.
- -h, --help
  Shows help for the export command.
- --index BASE_NAME
  When used with template, sets the base name to use for the index template. If this flag is not specified, the default base name is winlogbeat.
- --id DASHBOARD_ID
  When used with dashboard, specifies the dashboard ID.
Also see Global flags.
EXAMPLES
winlogbeat export config
winlogbeat export template --es.version 6.5.4 --index myindexname
winlogbeat export dashboard --id="a7b35890-8baa-11e8-9676-ef67484126fb" > dashboard.json
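The dashboard export and reload procedure described under the dashboard subcommand, as an added PowerShell example that is not part of the original reference. It captures stdout instead of redirecting with >, because Windows PowerShell 5.1 writes redirected output as UTF-16, and it checks that the export is parseable JSON before copying it. The install directory is an assumption and DASHBOARD_ID is the placeholder used in the text above.

```powershell
# Added example, not from the Winlogbeat documentation.
$BeatHome    = 'C:\Program Files\Winlogbeat'   # assumption: adjust to your install directory
$Winlogbeat  = Join-Path $BeatHome 'winlogbeat.exe'
$DashboardId = 'DASHBOARD_ID'                   # placeholder: take the ID from the dashboard URL in Kibana
$TargetDir   = Join-Path $BeatHome 'kibana\6\dashboard'
$TargetFile  = Join-Path $TargetDir 'dashboard.json'

# Decode the exporter's stdout as UTF-8 so non-ASCII titles survive the capture.
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8

# Capture stdout rather than redirecting with ">".
$lines = & $Winlogbeat export dashboard --id $DashboardId
if ($LASTEXITCODE -ne 0) {
    throw "export dashboard failed with exit code $LASTEXITCODE"
}
if (-not $lines) {
    throw 'export dashboard produced no output'
}

# Reject anything that is not parseable JSON before it reaches the dashboard directory.
$json = $lines -join "`n"
try {
    $null = $json | ConvertFrom-Json -ErrorAction Stop
} catch {
    throw "exported dashboard is not valid JSON: $($_.Exception.Message)"
}

# Write the file as UTF-8 without a byte-order mark.
if (-not (Test-Path $TargetDir)) {
    New-Item -ItemType Directory -Path $TargetDir | Out-Null
}
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllText($TargetFile, $json, $utf8NoBom)

# Load the dashboards from the Winlogbeat package directory, which now holds dashboard.json.
& $Winlogbeat setup --dashboards
if ($LASTEXITCODE -ne 0) {
    throw "setup --dashboards failed with exit code $LASTEXITCODE"
}
```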
help command
Shows help for any command. If no command is specified, shows help for the run command.
SYNOPSIS
winlogbeat help COMMAND_NAME [FLAGS]
- COMMAND_NAME
  Specifies the name of the command to show help for.
FLAGS
- -h, --help
  Shows help for the help command.
Also see Global flags.
EXAMPLE
winlogbeat help export
keystore command
Manages the secrets keystore.
SYNOPSIS
winlogbeat keystore SUBCOMMAND [FLAGS]
SUBCOMMANDS
- add KEY
  Adds the specified key to the keystore. Use the --force flag to overwrite an existing key. Use the --stdin flag to pass the value through stdin.
- create
  Creates a keystore to hold secrets. Use the --force flag to overwrite the existing keystore.
- list
  Lists the keys in the keystore.
- remove KEY
  Removes the specified key from the keystore.
FLAGS
- --force
  Valid with the add and create subcommands. When used with add, overwrites the specified key. When used with create, overwrites the keystore.
- --stdin
  When used with add, uses the stdin as the source of the key’s value.
- -h, --help
  Shows help for the keystore command.
Also see Global flags.
EXAMPLES
winlogbeat keystore create
winlogbeat keystore add ES_PWD
winlogbeat keystore remove ES_PWD
winlogbeat keystore list
See Secrets keystore for more examples.
run command
Runs Winlogbeat. This command is used by default if you start Winlogbeat without specifying a command.
SYNOPSIS
winlogbeat run [FLAGS]
Or:
winlogbeat [FLAGS]
FLAGS
- -N, --N
  Disables publishing for testing purposes. This option disables all outputs except the File output.
- --cpuprofile FILE
  Writes CPU profile data to the specified file. This option is useful for troubleshooting Winlogbeat.
- -h, --help
  Shows help for the run command.
- --httpprof [HOST]:PORT
  Starts an HTTP server for profiling. This option is useful for troubleshooting and profiling Winlogbeat.
- --memprofile FILE
  Writes memory profile data to the specified output file. This option is useful for troubleshooting Winlogbeat.
- --setup
  Loads the initial setup, including the Elasticsearch template, Kibana index pattern, Kibana dashboards (when available), and machine learning jobs. If you want to use the command without running Winlogbeat, use the setup command instead.
Also see Global flags.
EXAMPLE
winlogbeat run -e --setup
Or:
winlogbeat -e --setup
setup command
Sets up the initial environment, including the index template, Kibana dashboards (when available), and machine learning jobs (when available).
- The index template ensures that fields are mapped correctly in Elasticsearch.
- The Kibana dashboards make it easier for you to visualize Winlogbeat data in Kibana.
- The machine learning jobs contain the configuration information and metadata necessary to analyze data for anomalies.
Use this command instead of run --setup when you want to set up the environment without actually running Winlogbeat and ingesting data.
SYNOPSIS
winlogbeat setup [FLAGS]
FLAGS
- --dashboards
  Sets up the Kibana dashboards (when available). This option loads the dashboards from the Winlogbeat package. For more options, such as loading customized dashboards, see Importing Existing Beat Dashboards in the Beats Developer Guide.
- -h, --help
  Shows help for the setup command.
- --machine-learning
  Sets up machine learning job configurations only.
- --template
  Sets up the index template only.
Also see Global flags.
EXAMPLES
winlogbeat setup --dashboards
winlogbeat setup --machine-learning
winlogbeat setup --template
test command
Tests the configuration.
SYNOPSIS
winlogbeat test SUBCOMMAND [FLAGS]
SUBCOMMANDS
- config
  Tests the configuration settings.
- output
  Tests that Winlogbeat can connect to the output by using the current settings.
FLAGS
- -h, --help
  Shows help for the test command.
Also see Global flags.
EXAMPLE
winlogbeat test config
version command
Shows information about the current version.
SYNOPSIS
winlogbeat version [FLAGS]
FLAGS
- -h, --help
  Shows help for the version command.
Also see Global flags.
EXAMPLE
winlogbeat version
Global flags
These global flags are available whenever you run Winlogbeat.
- -E, --E "SETTING_NAME=VALUE"
  Overrides a specific configuration setting. You can specify multiple overrides. For example:

  winlogbeat -E "name=mybeat" -E "output.elasticsearch.hosts=['http://myhost:9200']"

  This setting is applied to the currently running Winlogbeat process. The Winlogbeat configuration file is not changed.
- -c, --c FILE
  Specifies the configuration file to use for Winlogbeat. The file you specify here is relative to path.config. If the -c flag is not specified, the default config file, winlogbeat.yml, is used.
- -d, --d SELECTORS
  Enables debugging for the specified selectors. For the selectors, you can specify a comma-separated list of components, or you can use -d "*" to enable debugging for all components. For example, -d "publish" displays all the "publish" related messages.
- -e, --e
  Logs to stderr and disables syslog/file output.
- --path.config
  Sets the path for configuration files. See the Directory layout section for details.
- --path.data
  Sets the path for data files. See the Directory layout section for details.
- --path.home
  Sets the path for miscellaneous files. See the Directory layout section for details.
- --path.logs
  Sets the path for log files. See the Directory layout section for details.
- --strict.perms
  Sets strict permission checking on configuration files. The default is -strict.perms=true. See Config file ownership and permissions in the Beats Platform Reference for more information.
- -v, --v
  Logs INFO-level messages.
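A pre-deployment check that combines the test subcommands with the -c, --path.config and -e flags above, so that a candidate configuration is validated before it replaces the one the running collector uses. This is an added PowerShell example, not part of the original reference. The install directory, staging directory and file names are assumptions, and it assumes winlogbeat exits with a non-zero code when a test fails.

```powershell
# Added example, not from the Winlogbeat documentation.
$BeatHome   = 'C:\Program Files\Winlogbeat'    # assumption: adjust to your install directory
$Winlogbeat = Join-Path $BeatHome 'winlogbeat.exe'
$StagingDir = 'C:\Staging\winlogbeat'          # hypothetical directory holding the candidate config
$Candidate  = 'winlogbeat.yml'                 # -c is resolved relative to --path.config
$LiveConfig = Join-Path $BeatHome 'winlogbeat.yml'

function Invoke-WinlogbeatTest {
    param([Parameter(Mandatory)][string]$Subcommand)

    # Flags are passed as quoted strings so PowerShell hands them to winlogbeat unchanged.
    # -e logs to stderr, which keeps failure details in the console or pipeline log.
    $testArgs = @('test', $Subcommand, '--path.config', $StagingDir, '-c', $Candidate, '-e')
    & $Winlogbeat @testArgs

    # Assumption: a failed test is reported through a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "winlogbeat test $Subcommand failed (exit code $LASTEXITCODE)"
    }
}

# 1. Check that the candidate file parses and its settings are valid.
Invoke-WinlogbeatTest -Subcommand config

# 2. Check that Winlogbeat can reach the configured output with those settings.
Invoke-WinlogbeatTest -Subcommand output

# 3. Both tests passed: back up the live file, then promote the candidate.
if (Test-Path $LiveConfig) {
    Copy-Item -Path $LiveConfig -Destination "$LiveConfig.bak" -Force
}
Copy-Item -Path (Join-Path $StagingDir $Candidate) -Destination $LiveConfig -Force
```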