I am trying to list events from Auditbeat as below:
In Kibana discovery, select Auditbeat index pattern
Search for a file say, /etc/auditbeat/auditbeat.yml
It lists records that do not show the username for changes/creation/deletion made to the file.
How do I find file changes/creation/deletion done by he user in a single go?