- Winlogbeat Reference: other versions:
- Overview
- Getting Started With Winlogbeat
- Setting up and running Winlogbeat
- Upgrading Winlogbeat
- Configuring Winlogbeat
- Set up Winlogbeat
- Specify general settings
- Configure the internal queue
- Configure the output
- Set up index lifecycle management
- Specify SSL settings
- Filter and Enhance the exported data
- Parse data by using ingest node
- Enrich events with geoIP information
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- winlogbeat.reference.yml
- Exported fields
- Monitoring Winlogbeat
- Securing Winlogbeat
- Troubleshooting
- Contributing to Beats
Winlogbeat features that require authorization
editWinlogbeat features that require authorization
editAfter securing Winlogbeat, make sure your users have the roles (or associated privileges) required to use these Winlogbeat features. Note that some of the roles shown here are built-in, and some are user-defined.
| Feature | Role |
|---|---|
Send data to a secured cluster |
|
Load index templates |
|
Load Winlogbeat dashboards into Kibana |
|
Load machine learning jobs |
|
Read indices created by Winlogbeat |
|
View Winlogbeat dashboards in Kibana |
|
Load index lifecycle policies and use index lifecycle management |
|
To create the user-defined roles shown here, see Configure authentication credentials and Grant users access to Winlogbeat indices. You may want to define additional roles to provide more restrictive access.