Hello Community, I have an issue in xml decoder, I’m trying to decode sysmon for linuxs logs i’m using filebeat to send the logs from ubuntu server to my graylog everything works great however filebeat is decoding the keys instead of values of the message.
here is what my graylog showing after decoding.
-
it’s showing the decoded keys not the values.
-
filebeat configuration for xml decoding
processors:
- decode_xml:
field: message
target_field: ""
overwrite_keys: false
what am I missing in my filebeat configuration.
anyone who can help please?