Hello everyone,
I am coming to you because I am facing a problem.
I am using ELK and Winlogbeat, I have enabled print service logging on a server and I want to do a Dashboard to track impressions.
After some research all the information is available to make this dashboard.
I need to make a sum to have the printing total which is reported in winlog.user_data.Param8.
This is when the problems start, the field is of type keyword and it is therefore impossible for me to do calculations on it.
I tried several things at the level of the index to pass it in length but without result.
Do you have a lead so that I can use this field to do some calculations with?
The ideal would be to add a field when sending the style log:
If event.action = printing of a document and event.code = 307:
add in the Pages_printer field (which would be of type long) = winlog.user_data.Param8
Thank you in advance for your help.
Roman