- Winlogbeat Reference: other versions:
- Winlogbeat Overview
- Quick start: installation and configuration
- Set up and run
- Upgrade
- Configure
- Winlogbeat
- General settings
- Project paths
- Output
- Kerberos
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Kibana endpoint
- Kibana dashboards
- Processors
- Define processors
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- append
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Internal queue
- Logging
- HTTP endpoint
- Instrumentation
- winlogbeat.reference.yml
- How to guides
- Modules
- Exported fields
- Monitor
- Secure
- Troubleshoot
- Get Help
- Debug
- Understand logged metrics
- Common problems
- Dashboard in Kibana is breaking up data fields incorrectly
- Bogus computer_name fields are reported in some events
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- Publishing to Logstash fails with "connection reset by peer" message
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
- Dashboard could not locate the index-pattern
- High RSS memory usage due to MADV settings
- Not sure how to read from .evtx files
- Contribute to Beats
Configure the Kibana endpoint
editConfigure the Kibana endpoint
editKibana dashboards are loaded into Kibana via the Kibana API. This requires a Kibana endpoint configuration. For details on authenticating to the Kibana API, see Authentication.
You configure the endpoint in the setup.kibana
section of the
winlogbeat.yml
config file.
Here is an example configuration:
setup.kibana.host: "http://localhost:5601"
Configuration options
editYou can specify the following options in the setup.kibana
section of the
winlogbeat.yml
config file:
setup.kibana.host
editThe Kibana host where the dashboards will be loaded. The default is
127.0.0.1:5601
. The value of host
can be a URL
or IP:PORT
. For example: http://192.15.3.2
, 192:15.3.2:5601
or http://192.15.3.2:6701/path
. If no
port is specified, 5601
is used.
When a node is defined as an IP:PORT
, the scheme and path are taken
from the setup.kibana.protocol and
setup.kibana.path config options.
IPv6 addresses must be defined using the following format:
https://[2001:db8::1]:5601
.
setup.kibana.protocol
editThe name of the protocol Kibana is reachable on. The options are: http
or
https
. The default is http
. However, if you specify a URL for host, the
value of protocol
is overridden by whatever scheme you specify in the URL.
Example config:
setup.kibana.host: "192.0.2.255:5601" setup.kibana.protocol: "http" setup.kibana.path: /kibana
setup.kibana.username
editThe basic authentication username for connecting to Kibana. If you don’t
specify a value for this setting, Winlogbeat uses the username
specified
for the Elasticsearch output.
setup.kibana.password
editThe basic authentication password for connecting to Kibana. If you don’t
specify a value for this setting, Winlogbeat uses the password
specified
for the Elasticsearch output.
setup.kibana.path
editAn HTTP path prefix that is prepended to the HTTP API calls. This is useful for the cases where Kibana listens behind an HTTP reverse proxy that exports the API under a custom prefix.
setup.kibana.space.id
editThe Kibana space ID to use. If specified, Winlogbeat loads Kibana assets into this Kibana space. Omit this option to use the default space.
setup.kibana.headers
editCustom HTTP headers to add to each request sent to Kibana. Example:
setup.kibana.headers: X-My-Header: Header contents
setup.kibana.ssl.enabled
editEnables Winlogbeat to use SSL settings when connecting to Kibana via HTTPS.
If you configure Winlogbeat to connect over HTTPS, this setting defaults to
true
and Winlogbeat uses the default SSL settings.
Example configuration:
setup.kibana.host: "https://192.0.2.255:5601" setup.kibana.ssl.enabled: true setup.kibana.ssl.certificate_authorities: ["/etc/client/ca.pem"] setup.kibana.ssl.certificate: "/etc/client/cert.pem" setup.kibana.ssl.key: "/etc/client/cert.key
See SSL for more information.
On this page