Filebeat Configuration

Configuration

This is an example configuration for Filebeat. You can use it as a starting point to further define which data you want to gather.

Please be aware that collecting more data requires more storage space, and that you might need to order additional space or bigger instances.

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - C:/Windows/Logs/Software/**
    - C:/Windows/Temp/uberAgentConfiguration**
    - C:/ProgramData/FSLogix/Logs/**
    - C:/ProgramData/Microsoft/IntuneManagementExtension/Logs/**
  # How often Filebeat checks the paths above for new files (input-level setting)
  scan_frequency: 30s

output.elasticsearch:
  hosts: ["Insights URL"]
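  # Valid values are "http" and "https". With "http" the username and password
  # below are sent without transport encryption; use "https" if the endpoint supports TLS.
  protocol: "http"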
  username: "Authentication Name"
  password: "Authentication PW"
  index: "filebeat"
  bulk_max_size: 800
  worker: 2
  compression_level: 9
  xpack.enabled: false

setup.ilm.enabled: false
setup.ilm.check_exists: false
setup.dashboards.enabled: false
setup.template.enabled: false
setup.template.overwrite: false

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~