Hello friends!
I was hoping to find out whether, when Winlogbeat writes to Elasticsearch, the field '@timestamp' can be renamed/remapped to something I can get to with JavaScript when I get the records out.
I located this article:
https://www.elastic.co/guide/en/beats/winlogbeat/7.8/processor-timestamp.html
and played with the yml file and started and stopped Winlogbeat, but to no avail. Maybe I'm missing something. Please let me know!
As well, I would like to find out, as this is in version 7.8, why and who thought this would be a great idea to prefix a field name with a '@' sign and to place it in quotes??? And if such a person came up with it, why were they not corrected by their peers, and we need to remap/rename this field; all the other fields I can get to, but not the most important one of all. Please see screenshot. Thank you very much!