Explore documentation
  1. Welcome to Telemetry 👋
  2. Quick start guide
  3. Wide events vs. time series
  4. Ingesting data
    1. Better Stack collector
    2. Vector
    3. OpenTelemetry
    4. Ingesting via HTTP API
    5. Ingesting metrics
    6. Ingesting logs
      1. Docker & Kubernetes
      2. Operating systems
      3. Log forwarders
        1. Vector
        2. Syslog
        3. Fluent Bit
        4. Fluentd
        5. Filebeat
        6. Winlogbeat
        7. Logstash
      4. Programming languages
      5. Cloud platforms
      6. Web servers & Load balancers
      7. Databases & queues
      8. Storage
    7. Migrating to Better Stack
  5. Using the product
    1. AI SRE ↗
    2. MCP server ↗
    3. Transforming ingested data
    4. Querying data
    5. Tracing
    6. Alerts
  6. Telemetry API
    1. Getting an API token
    2. Sources API
    3. Source groups API
    4. Metrics API
    5. Connections API
    6. Query API ↗
  7. Alternative to
    1. Lightstep

Better Stack Winlogbeat logging

Start logging in 6 minutes

Collect logs from your Windows applications using Winlogbeat.

Winlogbeat is specifically built to collect your Windows event logs and ship them to Better Stack.

1. Download and install Winlogbeat

Pick a version on Winlogbeat download page and install it.

2. Edit configuration

In your winlogbeat.yml file, replace current output.* config to send data to Better Stack:

winlogbeat.yml output config
output.elasticsearch:
  hosts: 'https://$INGESTING_HOST:443'
  path: '/elastic'
  headers:
    X-Better-Stack-Source-Token: '$SOURCE_TOKEN'


Review the rest of the config to ensure some logs will be read. For example, change enabled: false to enabled: true in the default winlogbeat.event_logs array.

You can read more about event log configuration in Winlogbeat docs.

3. Run Winlogbeat

Run Winlogbeat to load the configuration:

Run in PowerShell
winlogbeat.exe -c winlogbeat.yml

You should see your logs in Better Stack → Live tail.

Need help?

Please let us know at hello@betterstack.com. We're happy to help! 🙏

Additional information

Want to read about Winlogbeat configuration in more detail? Check out the Winlogbeat documentation.

Previous article

Better Stack Filebeat logging

Next article

Send logs to Better Stack using Logstash