- Winlogbeat Reference: other versions:
- Overview
- Getting Started With Winlogbeat
- Setting up and running Winlogbeat
- Upgrading Winlogbeat
- Configuring Winlogbeat
- Set up Winlogbeat
- Specify general settings
- Configure the internal queue
- Configure the output
- Configure index lifecycle management
- Specify SSL settings
- Filter and Enhance the exported data
- Define processors
- Add cloud metadata
- Add fields
- Add labels
- Add the local time zone
- Add tags
- Decode JSON fields
- Drop events
- Drop fields from events
- Keep fields from events
- Rename fields from events
- Add Kubernetes metadata
- Add Docker metadata
- Add Host metadata
- Dissect strings
- DNS Reverse Lookup
- Add process metadata
- Parse data by using ingest node
- Enrich events with geoIP information
- Configure project paths
- Configure the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- winlogbeat.reference.yml
- Exported fields
- Monitoring Winlogbeat
- Securing Winlogbeat
- Troubleshooting
- Contributing to Beats
Directory layout
editDirectory layout
editThe directory layout of an installation is as follows:
| Type | Description | Default Location | Config Option |
|---|---|---|---|
home |
Home of the Winlogbeat installation. |
|
|
bin |
The location for the binary files. |
|
|
config |
The location for configuration files. |
|
|
data |
The location for persistent data files. |
|
|
logs |
The location for the logs created by Winlogbeat. |
|
|
You can change these settings by using CLI flags or setting path options in the configuration file.
Default paths
editWinlogbeat uses the following default paths unless you explicitly change them.
zip, tar.gz, or tgz
edit| Type | Description | Location |
|---|---|---|
home |
Home of the Winlogbeat installation. |
|
bin |
The location for the binary files. |
|
config |
The location for configuration files. |
|
data |
The location for persistent data files. |
|
logs |
The location for the logs created by Winlogbeat. |
|
For the zip, tar.gz, or tgz distributions, these paths are based on the location of the extracted binary file. This means that if you start Winlogbeat with the following simple command, all paths are set correctly:
Start-Service winlogbeat
On this page