I'm not sure what it's called, sort of grok maybe :)
Don't judge too strictly :) Today is my first day with ELK.
I have a problem with fields received from Windows Server.
`Execution ProcessID` = `ProcessId`
Can someone show me how to do this?
I would be very grateful.
Example of the Windows output:
- 4689 0 0 13313 0 0x8020000000000000 523834 <**Execution ProcessID**="4" ThreadID="104" /> Security sd-193.SD.LOCAL - S-1-5-21-1701381398-1125909616-1447102860-26926 user_adm DDD 0x473f159 0x0 0x2e80 C:\Windows\System32\notepad.exe
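Added example (not from the original post): a grok-style parser for the line above, written in Python with named regex groups standing in for Logstash's `%{PATTERN:field}` captures, so the XML attribute `Execution ProcessID` ends up in a field named `ProcessId`. The sample line is constructed from the post; the field names after the SID are assumed from the 4689 (process terminated) event schema.

```python
import re

# Sample line constructed from the example in the post (not a live capture).
SAMPLE = (
    '- 4689 0 0 13313 0 0x8020000000000000 523834 '
    '<Execution ProcessID="4" ThreadID="104" /> Security sd-193.SD.LOCAL - '
    'S-1-5-21-1701381398-1125909616-1447102860-26926 user_adm DDD '
    '0x473f159 0x0 0x2e80 C:\\Windows\\System32\\notepad.exe'
)

# Named groups play the role of grok's %{PATTERN:field} captures: the group
# name becomes the field name, so the attribute "Execution ProcessID" lands
# in a field called "ProcessId". The equivalent grok fragment would be
#   <Execution ProcessID="%{INT:ProcessId}" ThreadID="%{INT:ThreadId}" />
# Field names after the SID follow the 4689 event schema (assumption).
EVENT_RE = re.compile(
    r'^- (?P<EventID>\d+) (?:\S+ ){6}'
    r'<Execution ProcessID="(?P<ProcessId>\d+)" ThreadID="(?P<ThreadId>\d+)" /> '
    r'(?P<Channel>\S+) (?P<Computer>\S+) \S+ '
    r'(?P<SubjectUserSid>S-1-[\d-]+) (?P<SubjectUserName>\S+) '
    r'(?P<SubjectDomainName>\S+) (?P<SubjectLogonId>0x[0-9a-fA-F]+) '
    r'(?P<Status>0x[0-9a-fA-F]+) (?P<EventDataProcessId>0x[0-9a-fA-F]+) '
    r'(?P<ProcessName>.+)$'
)


def parse_event(line):
    """Return a dict of fields, or None when the line does not match."""
    m = EVENT_RE.match(line)
    if m is None:
        return None  # unmatched lines: Logstash would tag these _grokparsefailure
    fields = m.groupdict()
    # Execution ProcessID is the PID of the process that *wrote* the event
    # (4 = the System process here); the PID inside EventData is the process
    # the event is *about*. Keep them in separate fields rather than mapping
    # both to "ProcessId", or one value silently overwrites the other.
    fields["EventDataProcessId"] = int(fields["EventDataProcessId"], 16)
    fields["EventID"] = int(fields["EventID"])
    fields["ProcessId"] = int(fields["ProcessId"])
    fields["ThreadId"] = int(fields["ThreadId"])
    return fields


if __name__ == "__main__":
    for k, v in parse_event(SAMPLE).items():
        print(f"{k}: {v}")
```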