Extract Windows Event Log fields

hack3rcon · September 2, 2017, 6:49am

Hello.
I need help about extract Windows Event Log fields. For example, In below image, How can I extract "Subject”, “Object” and “Accesses” from “message” ?

I have written below lines but I can't extract "message" parts:

processors:
  - include_fields:
      fields: ["_index", "@timestamp", "beat.name" , "event_data.ObjectName" , "event_data.ObjectType" , "event_data.SubjectUserName", "keywords"]

Thank you.

system · September 23, 2017, 6:49am

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Extract field from Messages section of Windows Event Log Beats winlogbeat	2	850	November 29, 2018
Winlogbeat: Problem to get fields from nested winevent message Beats winlogbeat	5	490	October 23, 2020
Document all possible event_data.* fields? Beats winlogbeat	4	1080	November 8, 2016
Windows EventLog Parsing Fields Logstash	1	391	July 6, 2017
Extract Field from Windows EventLog using Logstash Logstash windows	4	706	January 3, 2020

Extract Windows Event Log fields

Related topics