1. SAP stores logs in binary format by default. A scheduled task that dumps the logs in CSV format has to be created in SAP.
2. Save the SAP logs in CSV format to a particular folder (e.g. /opt/g14/saplogs/) on the system/server.
3. Schedule an activity in SAP to generate the audit logs at the required interval (e.g. hourly).
4. Download and install the latest version of Filebeat using the link below.
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html
Before starting Filebeat, edit the filebeat.yml file.
File path: C:\Program Files\filebeat\filebeat.yml
5. In the Filebeat inputs section, change the input's enabled field from false to true.
6. Place your log folder path (step 2) under the paths field.
7. Under the Elasticsearch output section, comment out all lines with #.
8. Under the Logstash output section, remove the comment markers (#) and set the IP and port.
9. Change localhost to the log collector IP and change the port number (provided by BluSapphire).
10. After the configuration is complete, start the Filebeat service in PowerShell:
PS C:\Program Files\filebeat> Start-Service filebeat
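
The relevant sections of filebeat.yml after the edits described above (input enabled, log path set, Elasticsearch output commented out, Logstash output pointed at the collector). This is an added example, not a file supplied with this guide; the input id and every value in angle brackets are placeholders to replace with your own.

```yaml
# Added example. Values in <...> are placeholders, not values from this guide.
filebeat.inputs:
  - type: filestream             # input type used by current Filebeat releases
    id: sap-audit-csv            # assumed name; any unique id works
    enabled: true                # changed from false
    paths:
      - /opt/g14/saplogs/*.csv   # folder the SAP job writes its CSV logs to

# Elasticsearch output disabled: every line commented out
#output.elasticsearch:
#  hosts: ["localhost:9200"]

# Logstash output enabled and pointed at the log collector
output.logstash:
  hosts: ["<LOG_COLLECTOR_IP>:<PORT>"]   # IP and port provided by BluSapphire
  # Only if the collector listens with TLS (an assumption, not stated above):
  #ssl.certificate_authorities: ["<path-to-ca.pem>"]
```

Running `filebeat test config` and `filebeat test output` from the Filebeat folder checks the file syntax and the connection to the collector before the service is started.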