Help with Winlogbeat and filtering computer accounts

I have a few ELK stacks up and running but I'm getting a lot of false 'Admin User Sessions' which are the computer accounts eg computer$. I'm using Windows Event forwarding to send all security related events over to my winlogbeat system then ship them over to ELK.

I tried to drop some of the events but how do I drop these computer objects from showing up as normal users?



Thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.