Hi, I have seen some info online about this and searched about entity centric event, but I can't figure out how to implement all of this. I am a newbie in the field.
I am working with Logstash and Winlogbeat. I want to search for occurrences where, in X minutes, I have event A followed by event B on the same machine or with the same user, but each event has different field info. Thank you in advance.