Hi All,
While browsing the Windows system.application logs, I came across the field winlog.event_data.paramXX. After reviewing the Elasticsearch documentation, I noticed that this field is mentioned as a keyword type, but there isn’t much explanation beyond that.
It appears to be some kind of variable or placeholder value that hasn’t been properly passed. Could someone clarify the purpose of these winlog.event_data.paramXX fields and how they should be interpreted?
Thank you for your support.