//////////////////////////////////////////////////////////////////////////
//// This content is shared by all Elastic Beats. Make sure you keep the
//// descriptions here generic enough to work for all Beats that include
//// this file. When using cross references, make sure that the cross
//// references resolve correctly for any files that include this one.
//// Use the appropriate variables defined in the index.asciidoc file to
//// resolve Beat names: beatname_uc and beatname_lc.
//// Use the following include to pull this content into a doc file:
//// include::../../libbeat/docs/shared-logstash-config.asciidoc[]
//////////////////////////////////////////////////////////////////////////

[IMPORTANT]
.Prerequisite
To send events to {ls}, you also need to create a {ls} configuration pipeline
that listens for incoming Beats connections and indexes the received events into
{es}. For more information, see the section about
{stack-gs}/get-started-elastic-stack.html#logstash-setup[configuring {ls}] in
the {stack} getting started tutorial. Also see the documentation for the
{logstash-ref}/plugins-inputs-beats.html[{beats} input] and
{logstash-ref}/plugins-outputs-elasticsearch.html[{es} output] plugins.

If you want to use {ls} to perform additional processing on the data collected by
{beatname_uc}, you need to configure {beatname_uc} to use {ls}.

To do this, you edit the {beatname_uc} configuration file to disable the Elasticsearch
output by commenting it out and enable the {ls} output by uncommenting the
logstash section:

[source,yaml]
------------------------------------------------------------------------------
#----------------------------- Logstash output --------------------------------
output.logstash:
  hosts: ["127.0.0.1:5044"]
------------------------------------------------------------------------------

The `hosts` option specifies the {ls} server and the port (`5044`) where {ls} is configured to listen for incoming
Beats connections.

For this configuration, you must <<load-template-manually,load the index template into Elasticsearch manually>>
because the options for auto loading the template are only available for the Elasticsearch output.

ifdef::allplatforms[]

include::../../libbeat/docs/step-test-config.asciidoc[]

endif::allplatforms[]

ifdef::win[]

TIP: To test your configuration file, change to the directory where the {beatname_uc}
binary is installed, and run {beatname_uc} in the foreground with the following
options specified: +.\winlogbeat.exe test config -c .\winlogbeat.yml -e+.

endif::win[]