Grant privileges and roles needed to read Winlogbeat data from Kibana
Kibana users typically need to view dashboards and visualizations that contain Winlogbeat data. These users might also need to create and edit dashboards and visualizations.
To grant users the required privileges:
- Create a reader role, called something like `winlogbeat_reader`, that has the following privileges:

  | Type | Privilege | Purpose |
  | --- | --- | --- |
  | Index | `read` on `winlogbeat-*` indices | Read data indexed by Winlogbeat |
  | Spaces | `Read` or `All` on Dashboards, Visualize, and Discover | Allow the user to view, edit, and create dashboards, as well as browse data. |
- Assign the reader role, along with the following built-in roles, to users who need to read Winlogbeat data:

  | Role | Purpose |
  | --- | --- |
  | `monitoring_user` | Allow users to monitor the health of Winlogbeat itself. Only assign this role to users who manage Winlogbeat. |
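The reader role from the first step, as an added example that is not part of the Winlogbeat documentation: the script builds a role body in the shape Kibana's role API (`PUT /api/security/role/<name>`) accepts and audits a role definition for grants beyond what this page calls for. The feature IDs `dashboard`, `visualize` and `discover` and the space `default` are assumptions; check them against your Kibana version.

```python
import json

# Assumed Kibana feature IDs for Dashboards, Visualize and Discover.
FEATURES = ("dashboard", "visualize", "discover")


def build_reader_role(spaces=("default",), level="read"):
    """Return a Kibana role API body for the reader role described above."""
    if level not in ("read", "all"):
        raise ValueError("feature privilege must be 'read' or 'all'")
    return {
        "elasticsearch": {
            "cluster": [],
            "indices": [{"names": ["winlogbeat-*"], "privileges": ["read"]}],
        },
        "kibana": [{
            "base": [],
            "feature": {f: [level] for f in FEATURES},
            "spaces": list(spaces),
        }],
    }


def audit_reader_role(role):
    """List every grant in `role` that exceeds what the page calls for."""
    findings = []
    es = role.get("elasticsearch", {})
    if es.get("cluster"):
        findings.append(f"cluster privileges granted: {es['cluster']}")
    for entry in es.get("indices", []):
        extra_priv = set(entry.get("privileges", [])) - {"read"}
        extra_idx = [n for n in entry.get("names", []) if n != "winlogbeat-*"]
        if extra_priv:
            findings.append(f"index privileges beyond read: {sorted(extra_priv)}")
        if extra_idx:
            findings.append(f"indices other than winlogbeat-*: {extra_idx}")
    for entry in role.get("kibana", []):
        if entry.get("base"):
            findings.append(f"base privileges granted: {entry['base']}")
        for feat, privs in entry.get("feature", {}).items():
            if feat not in FEATURES:
                findings.append(f"unexpected feature: {feat}")
            elif set(privs) - {"read", "all"}:
                findings.append(f"unexpected privilege on {feat}: {privs}")
    return findings


if __name__ == "__main__":
    role = build_reader_role()
    print(json.dumps(role, indent=2), audit_reader_role(role))
```

Running `audit_reader_role` over the output of `GET /api/security/role/winlogbeat_reader` flags drift such as an added `write` index privilege or a wildcard index pattern.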