I want to create a centralized log with graylog and log collectors such as filebeats or nxlogs.
I know Microsoft SQL Server extended events creates .XEL files. but they are binary files.
Is there any clean way to read this xel files by filebeats or nxlog or any other tools and send it to graylog?
With nxlog you could use the im_exec module and write a script (as suggested by @dan-guzman) that would convert the .xel files into a text based format. The other option could be using the Event Tracing for Windows Target with the im_etw input module to can collect ETW events.