Event.Original

JeanN · May 14, 2020, 1:52pm

Hi,

I'm trying to get "event.original" field from "_source" field but i don't suceed to get it on the winlogbeat conf.

Is someone have a solution to get it ?

Thanks.

andrewkroh · May 14, 2020, 5:25pm

The original event is the XML Winlogbeat receives from Windows. To include it set include_xml: true in the configuration for the event log. See the example in https://www.elastic.co/guide/en/beats/winlogbeat/7.7/configuration-winlogbeat-options.html#_event_logs_include_xml.

system · June 11, 2020, 5:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to for winlogbeat to send original raw logs? Beats winlogbeat	3	387	August 25, 2023
How to get the original message sent to logstash? Logstash	1	585	October 7, 2019
Winlogbeats not exporitng event.id or xml data Beats winlogbeat	10	1292	July 6, 2018
Beats_input_raw_event Logstash	4	457	January 7, 2024
Pulling details of an event entry with Winlogbeat Beats winlogbeat	6	2292	April 12, 2016