winlogbeat

tips

Winlogbeat will automatically recreate the index.

install as service

install

how to change default index name

# Send Winlogbeat events to a custom-named index instead of the default.
# While ILM is enabled, Beats ignores output.elasticsearch.index and the
# setup.template name/pattern below, so ILM is switched off first.
setup.ilm.enabled: false

# A custom index name needs its own template name and pattern. The pattern
# has to match the index name configured under output.elasticsearch (same
# suffix); otherwise the template's mappings are not applied to that index.
setup.template:
  name: 'winlogbeat-%{[agent.version]}-edr'
  pattern: 'winlogbeat-%{[agent.version]}-edr'
  # Replace a template of the same name that is already loaded.
  overwrite: true

output.elasticsearch:
  # NOTE(review): with http:// the event logs travel unencrypted and the
  # server is not authenticated. Prefer https:// with
  # ssl.certificate_authorities, and authenticate with api_key or
  # username/password read from the Beats keystore, not written in this file.
  hosts:
    - 'http://xxxxx:xxxx'
  # '-xxx' is a placeholder suffix; keep it in step with setup.template.pattern.
  index: 'winlogbeat-%{[agent.version]}-xxx'