Hello , i am using Elasticsearch ,kibana and beats 7.8 , while i am using winlogbeat i have noticed illogical information ,
Winlogbeat will be extracting whatever information you see from the host.
Have you logged onto that machine and taken a look through the event viewer to see if what you are seeing in Kibana matches?
Actually i have focused in event log 4624 , which means number of login , i didn't login in to the machine 3 days ago, and it gives that i have successfully login 36 times in 15 min ? !!
That's not even logic !
Maybe there's a service or process that is running using your account?
How can i check that , which service, should i restart winlogbeat service for example?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
