Drop_event in 7.6.0

kikog20 · February 29, 2020, 6:21pm

Hello,

I dont know why my processor is not working.This is my processor:
processors:
- drop_event.when.not.or:
- equals.winlog.event_id: 4608
- equals.winlog.event_id: 4609
- equals.winlog.event_id: 4624
- equals.winlog.event_id: 4625
- equals.winlog.event_id: 4697
- equals.winlog.event_id: 4620
- equals.winlog.event_id: 4722
- equals.winlog.event_id: 4723
- equals.winlog.event_id: 4724
- equals.winlog.event_id: 4800
- equals.winlog.event_id: 4801
- equals.winlog.event_id: 4802
- equals.winlog.event_id: 4803
- equals.winlog.event_id: 11707
- equals.winlog.event_id: 11724
- equals.winlog.event_id: 592
This is not working anymore in this version and i dont know to fix it.
Thank you

Ian_Boje · March 3, 2020, 7:01pm

Do you have any processors before this one that are renaming winlog.event_id to event.code?

What version were you running before this? I've got 7.5.1 and I've got a similar config that seems to be working.

system · March 31, 2020, 7:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.