Configure the Console output
The Console output writes events in JSON format to stdout.
The Console output should be used only for debugging issues as it can produce a large amount of logging data.
To use this output, edit the Winlogbeat configuration file to disable the Elasticsearch output by commenting it out, and enable the console output by adding output.console.
Example configuration:
output.console:
  pretty: true
Configuration options
You can specify the following options in the console section of the winlogbeat.yml config file:
pretty
If pretty is set to true, events written to stdout will be nicely formatted. The default is false.
codec
Output codec configuration. If the codec section is missing, events will be JSON encoded using the pretty option.
See Change the output codec for more information.
enabled
The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled.
The default value is true.
bulk_max_size
The maximum number of events to buffer internally during publishing. The default is 2048.
Specifying a larger batch size may add some latency and buffering during publishing. However, for Console output, this setting does not affect how events are published.
Setting bulk_max_size to values less than or equal to 0 disables the splitting of batches. When splitting is disabled, the queue decides on the number of events to be contained in a batch.
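The steps and options described above, combined in one winlogbeat.yml fragment. This is an added example, not part of the original documentation; the Elasticsearch host shown is a placeholder, not a value from this page.

```yaml
# winlogbeat.yml (fragment): switch from the Elasticsearch output to the
# Console output for a debugging session.

# Elasticsearch output disabled by commenting it out.
# The host below is a placeholder (assumption), not taken from this page.
#output.elasticsearch:
#  hosts: ["localhost:9200"]

# Console output: events are written to stdout in JSON format.
output.console:
  # Boolean switch for this output. The default is true; false disables it.
  enabled: true
  # No codec section is configured, so events are JSON encoded using the
  # pretty option. The default for pretty is false.
  pretty: true
```

To return to normal shipping, remove or comment out the output.console section and uncomment the Elasticsearch output.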