- Winlogbeat Reference: other versions:
- Overview
- Getting Started With Winlogbeat
- Setting up and running Winlogbeat
- Upgrading Winlogbeat
- Configuring Winlogbeat
- Set up Winlogbeat
- Specify general settings
- Configure the internal queue
- Configure the output
- Configure index lifecycle management
- Specify SSL settings
- Filter and Enhance the exported data
- Define processors
- Add cloud metadata
- Add fields
- Add labels
- Add the local time zone
- Add tags
- Decode JSON fields
- Drop events
- Drop fields from events
- Keep fields from events
- Rename fields from events
- Add Kubernetes metadata
- Add Docker metadata
- Add Host metadata
- Dissect strings
- DNS Reverse Lookup
- Add process metadata
- Parse data by using ingest node
- Enrich events with geoIP information
- Configure project paths
- Configure the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- winlogbeat.reference.yml
- Exported fields
- Monitoring Winlogbeat
- Securing Winlogbeat
- Troubleshooting
- Contributing to Beats
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Step 6: Start Winlogbeat
editStep 6: Start Winlogbeat
editStart the Winlogbeat service with the following command. If you are accessing a secured Elasticsearch cluster, make sure you’ve configured credentials as described in Step 2: Configure Winlogbeat.
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
Winlogbeat should now be running. If you used the configuration described here,
then you can view the log file at C:\ProgramData\winlogbeat\Logs\winlogbeat.
You can view the status of the service and control it from the Services management console in Windows. To launch the management console, run this command:
PS C:\Program Files\Winlogbeat> services.msc
Stop Winlogbeat
editStop the Winlogbeat service with the following command:
PS C:\Program Files\Winlogbeat> Stop-Service winlogbeat
On this page
Was this helpful?
Thank you for your feedback.