- Winlogbeat Reference: other versions:
- Overview
- Getting Started With Winlogbeat
- Setting up and running Winlogbeat
- Upgrading Winlogbeat
- Configuring Winlogbeat
- Set up Winlogbeat
- Specify general settings
- Configure the internal queue
- Configure the output
- Set up index lifecycle management
- Specify SSL settings
- Filter and Enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- winlogbeat.reference.yml
- Exported fields
- Monitoring Winlogbeat
- Securing Winlogbeat
- Troubleshooting
- Contributing to Beats
Directory layout
editDirectory layout
editThe directory layout of an installation is as follows:
| Type | Description | Default Location | Config Option |
|---|---|---|---|
home |
Home of the Winlogbeat installation. |
|
|
bin |
The location for the binary files. |
|
|
config |
The location for configuration files. |
|
|
data |
The location for persistent data files. |
|
|
logs |
The location for the logs created by Winlogbeat. |
|
|
You can change these settings by using CLI flags or setting path options in the configuration file.
Default paths
editWinlogbeat uses the following default paths unless you explicitly change them.
zip, tar.gz, or tgz
edit| Type | Description | Location |
|---|---|---|
home |
Home of the Winlogbeat installation. |
|
bin |
The location for the binary files. |
|
config |
The location for configuration files. |
|
data |
The location for persistent data files. |
|
logs |
The location for the logs created by Winlogbeat. |
|
For the zip, tar.gz, or tgz distributions, these paths are based on the location of the extracted binary file. This means that if you start Winlogbeat with the following simple command, all paths are set correctly:
Start-Service winlogbeat
On this page