Compare/Merge 2 types of datasets

Dear All,

I use winlogbeat to collect my Windows log, which includes the username. I also have a CSV file which contains the username and user department. May I know whether it is possible to compare the username field of those datasets and, if the usernames are the same, add the department to the winlogbeat log?

Thanks

Best Regards
Peter

You can use the translate filter in logstash to do that.

I tried but failed. I use the code below for the Windows log, but no result is returned; not even the department field shows up. However, when I use a CSV for testing, it succeeds. They are the same code. Any idea?

filter {
  translate {
    field => ["winlog.user.name"]
    destination => ["department"]
    fallback => "not_found"
    dictionary_path => "D:\elastic\logstash-7.14.0\config\test.yaml"
  }
}

In logstash, that would be a field with two dots in its name, not a field within a field within a field. Use

field => "[winlog][user][name]"
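
As an added example (not part of the original thread and not Logstash's own code), this Python model shows how the two field references resolve against a nested event and why the first one produced no department field at all. The event, the CSV contents and the function names are constructed for illustration, and the skip-when-source-is-missing behaviour is an assumption taken from the symptom reported above.

```python
import csv
import io

# Constructed sample data (not from the thread): a Winlogbeat-style event
# and a username -> department CSV.
EVENT = {"winlog": {"user": {"name": "peter"}, "event_id": 4624}}
CSV_TEXT = "peter,Finance\nalice,IT\n"


def parse_field_ref(ref):
    """Split a Logstash-style field reference into path segments.

    "[winlog][user][name]" -> ["winlog", "user", "name"]
    "winlog.user.name"     -> ["winlog.user.name"]  (one top-level key)
    """
    if ref.startswith("[") and ref.endswith("]"):
        return ref[1:-1].split("][")
    return [ref]


def lookup(event, ref):
    """Return (found, value) for a field reference in a nested event."""
    node = event
    for key in parse_field_ref(ref):
        if not isinstance(node, dict) or key not in node:
            return False, None
        node = node[key]
    return True, node


def translate(event, field, destination, dictionary, fallback):
    """Assumed model of the translate step: skip the event when the source
    field is absent; otherwise write the dictionary value or the fallback."""
    found, value = lookup(event, field)
    if not found:
        return event  # nothing added, not even the fallback
    return {**event, destination: dictionary.get(str(value), fallback)}


def load_dictionary(text):
    """Load a two-column CSV (key,value) into a dict."""
    return {r[0]: r[1] for r in csv.reader(io.StringIO(text)) if len(r) == 2}


if __name__ == "__main__":
    depts = load_dictionary(CSV_TEXT)
    for ref in ("winlog.user.name", "[winlog][user][name]"):
        print(ref, "->", translate(EVENT, ref, "department", depts, "not_found"))
```
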

Dear Badger,

It works!! thanks!
