Is there a way registry events can be located in ELK using Winlogbeats for windows. event_id does not seem to have a true representation.
It's not really clear what you are asking here, can you elaborate please?
i am trying to create a Registry Event Types - Pie Chart Visualization. But i cannot find the event_id that is associated with registry in ELK. Maybe i am overlooking some thing. I am using sysmon. There maybe a special phrasing that i am over looking. Im all ears.
It doesn't sound like this is a specific Elasticsearch question, but let's just clarify a couple of things to be sure.
It sounds like your issue is:
- winlogbeat is sending data into Elasticsearch
- you want to do a visualisation of that data in Kibana
- there's a field you want (
event_id) that you can't find.
It sounds like your first step should be to look at the mapping for your index, and see what fields winlogbeat is sending.
If you can't find what you're after, then you'll probably need to ask in the winlogbeat forum. The Elasticsearch team can't really help unless the data is getting into ES.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.