I currently have an Elastic Stack that uses Auditbeats to ingest logs. I am able to use the Auditbeats to see which packages are installed in my environment looking at the Package fields. I am testing out moving from Auditbeats to the Elastic Agent using the Auditd module and noticed I was unable to see the Package field. Is there a way to have Elastic Agent look for the Package field?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.