Auditbeat: Combining data from both (system & file_integrity) modules

I am trying to list events from Auditbeat as below:
In Kibana discovery, select Auditbeat index pattern
Search for a file say, /etc/auditbeat/auditbeat.yml

It lists records that do not show the username for changes/creation/deletion made to the file.

How do I find file changes/creation/deletion done by he user in a single go?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.