Hello.
I need help extracting Windows Event Log fields. For example, in the image below, how can I extract "Subject", "Object" and "Accesses" from "message"?
I have written the lines below, but I can't extract the "message" parts:
processors:
  - include_fields:
      fields: ["_index", "@timestamp", "beat.name", "event_data.ObjectName", "event_data.ObjectType", "event_data.SubjectUserName", "keywords"]
Thank you.
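
Added example, not part of the original post and not Winlogbeat's own code: a stand-alone JavaScript parser that splits a Windows Security event "message" into its sections and returns the Subject, Object and Accesses parts. The sample message is constructed, and the function names and the tab-indented "Key: Value" layout are assumptions.

```javascript
// Constructed sample in the layout of a Windows Security object-access
// message: section headers, then tab-indented "Key:<tabs>Value" lines.
var SAMPLE_MESSAGE = [
  'An attempt was made to access an object.',
  '',
  'Subject:',
  '\tAccount Name:\t\talice',
  '\tAccount Domain:\t\tEXAMPLE',
  '',
  'Object:',
  '\tObject Type:\t\tFile',
  '\tObject Name:\t\tC:\\Data\\report.docx',
  '',
  'Access Request Information:',
  '\tAccesses:\t\tReadData (or ListDirectory)',
  '\t\t\t\tWriteData (or AddFile)',
  '\tAccess Mask:\t\t0x3'
].join('\r\n');

// Split the message into { section: { key: value } }. A value that spans
// several lines (such as Accesses) is kept as one newline-joined string.
function parseEventMessage(message) {
  var sections = {}, section = null, lastKey = null;
  message.split(/\r?\n/).forEach(function (line) {
    var header = /^(\S[^:\t]*):\s*$/.exec(line);
    var kv = /^\s+([^:\t]+):[ \t]+(.*)$/.exec(line);
    if (header) {                         // "Subject:" starts a section
      section = header[1]; sections[section] = {}; lastKey = null;
    } else if (section === null || !/^\s+\S/.test(line)) {
      lastKey = null;                     // preamble, blank or free text
    } else if (kv) {                      // "\tObject Type:\t\tFile"
      lastKey = kv[1].trim();
      sections[section][lastKey] = kv[2].trim();
    } else if (lastKey !== null) {        // continuation of the last value
      sections[section][lastKey] += '\n' + line.trim();
    }
  });
  return sections;
}

// Hypothetical helper: the three parts asked about in the post above.
function extractAccessFields(message) {
  var s = parseEventMessage(message);
  var accesses = (s['Access Request Information'] || {})['Accesses'];
  return {
    subject: s['Subject'] || {},
    object: s['Object'] || {},
    accesses: accesses ? accesses.split('\n') : []
  };
}
```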