Edit the winlogbeat config file (winlogbeat.yml)
winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: Security
- name: System
- name: MSSQLSERVER
ignore_older: 72h
winlogbeat.modules:
- module: mssql
enabled: true
var.paths: ["C:\\Program Files\\Microsoft SQL Server\\MSSQL15.MSSQLSERVER\\MSSQL\\Log\\ERRORLOG"]
After save the file, restart the Winlogbeat service using powershell:
Stop-Service winlogbeat
Start-Service winlogbeat