Drop_event in 7.6.0

kikog20 · February 29, 2020, 6:21pm

Hello,

I dont know why my processor is not working.This is my processor:
processors:
- drop_event.when.not.or:
- equals.winlog.event_id: 4608
- equals.winlog.event_id: 4609
- equals.winlog.event_id: 4624
- equals.winlog.event_id: 4625
- equals.winlog.event_id: 4697
- equals.winlog.event_id: 4620
- equals.winlog.event_id: 4722
- equals.winlog.event_id: 4723
- equals.winlog.event_id: 4724
- equals.winlog.event_id: 4800
- equals.winlog.event_id: 4801
- equals.winlog.event_id: 4802
- equals.winlog.event_id: 4803
- equals.winlog.event_id: 11707
- equals.winlog.event_id: 11724
- equals.winlog.event_id: 592
This is not working anymore in this version and i dont know to fix it.
Thank you

Ian_Boje · March 3, 2020, 7:01pm

Do you have any processors before this one that are renaming winlog.event_id to event.code?

What version were you running before this? I've got 7.5.1 and I've got a similar config that seems to be working.

system · March 31, 2020, 7:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop_event syntax trouble with multiple processors (7.7.1) Beats winlogbeat	5	400	July 23, 2021
Winlogbeat doesn't drop events Beats winlogbeat	5	532	June 7, 2023
Winlogbeat - multiple event_id's and processor drop_events Beats winlogbeat	2	133	May 28, 2024
Winlogbeat - drop_event (multiple event ID's with specific rules) Beats winlogbeat	6	1163	November 18, 2020
Processor not dropping events Beats Winlogbeat Beats winlogbeat	3	803	April 29, 2021

Drop_event in 7.6.0

Related Topics