Hi guys,
Does anyone know if there is a way to copy the @timestamp value from winlogbeat json to a separate field (for troubleshooting purposes) using winlogbeat.yml file?
I'm trying to use the copy fields processor:
- copy_fields:
fields:
- from: @timestamp
to: original_event_timestamp
But I just get: Failed to copy fields in copy_fields processor: could not fetch value for key: @timestamp, Error: key not found