I feel like I'm missing something here. Auditbeat is up and running on an Ubuntu server and I'm getting auditd, system, and file integrity logs, but some fields referenced by the Elasticsearch prebuilt Linux rules aren't getting parsed: file.name is one example.
So, I feel like I'm missing something. Is there any specific additional step that needs to take place to get all of the fields parsed or do I just need to create my own ingest pipeline and parse them manually?
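As an added illustration (not part of the original post, and not Elastic's own answer), this is the kind of ingest pipeline the question is asking about: it derives the ECS `file.name` field from `file.path` whenever an event carries a path but no name. It assumes the events already contain `file.path` (the field Auditbeat's file integrity module writes) and that `/` is the path separator; the pipeline name `auditbeat-derive-file-name` is a placeholder chosen for this example.

```json
{
  "description": "Example pipeline (not from the original post): set ECS file.name from file.path when missing",
  "processors": [
    {
      "script": {
        "if": "ctx.file != null && ctx.file.path != null && ctx.file.name == null",
        "source": "int i = ctx.file.path.lastIndexOf('/'); ctx.file.name = i >= 0 ? ctx.file.path.substring(i + 1) : ctx.file.path;",
        "description": "Take everything after the last '/' as the file name; a path with no separator is used as-is"
      }
    }
  ]
}
```

Store it with `PUT _ingest/pipeline/auditbeat-derive-file-name` and check its behaviour with `POST _ingest/pipeline/auditbeat-derive-file-name/_simulate` against a sample document such as `{"file": {"path": "/etc/passwd"}}` before pointing Auditbeat's Elasticsearch output at it; the `if` guard keeps the processor from overwriting a `file.name` that a module already populated, and from failing on events (for example auditd process events) that carry no `file` object at all.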