This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.

« Winlogbeat command reference Stop Winlogbeat »

› ›

Start Winlogbeat

edit

Start Winlogbeat

edit

Before starting Winlogbeat:

Follow the steps in Quick start: installation and configuration to install, configure, and set up the Winlogbeat environment.
Make sure Kibana and Elasticsearch are running.
Make sure the user specified in winlogbeat.yml is authorized to publish events.

To start Winlogbeat, run:

PS C:\Program Files\Winlogbeat> Start-Service winlogbeat

Winlogbeat should now be running. If you used the logging configuration described here, you can view the log file at C:\ProgramData\winlogbeat\Logs\winlogbeat.

You can view the status of the service and control it from the Services management console in Windows. To launch the management console, run this command:

PS C:\Program Files\Winlogbeat> services.msc

« Winlogbeat command reference Stop Winlogbeat »