Hi,
In winlogbeat, I'm able to get the body of PowerShell script that is executed on device using:
powershell.file.script_block_text:
But is there a way to get the 'stdout' or return / output of the script?
Regrdas,
Dear @ethical20
Is this question related to Kibana? Sounds like more like a #elastic-stack:beats question?
Best,
Matthias
Thanks @matw
So how can we change this post and redirect it to beats?
I could move it to this channel, but for better visibility, I'd suggest you create a new post, and provide more details what you trying to do, what's your setup and the expected outcome. This will help you t get better and quicker feedback.
Best,
Matthias
Winlogbeat gets its data from the Windows event log. And I think the stdout and stderr are not something that is captured by the powershell's event logging. So Winlogbeat won't be able to provide that unless it's already in the event log.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.