I have installed the 7.2 versions of elasticsearch, logstash and kibana. Trying to follow this blog:
However when filtering down to event_id 4624 the TargetUserName and targetDomainName fields don't seem to be populated in kibana, they are populated in other events. The Blog seems to be aimed at the 5.x version. Has things changed that much that the blog is obsolete now ?