Hello from Japan
I have a question for my respected Elastic engineers.
I have been working on collecting Windows log information with Winlogbeat into Elasticsearch and visualizing it using Kibana.
These efforts faced a number of challenges.
A typical example is that Kibana can only visualize the host name of the PC sending logs.
I used to use version 7 of the Elastic Stack (mainly Elasticsearch, Kibana, and Winlogbeat).
At that time, I succeeded in linking the PC host name and the PC user using the method below.
1. I navigate the screens as shown below.
Kibana → Management → Index pattern → Script field
2. I loaded the script field below into Kibana.

```painless
// Kibana 7 scripted field (Painless): map the sending PC's host name to its user
if (doc['agent.hostname'].value == 'PC-HostName') { return 'YUUTA' }
else if (doc['agent.hostname'].value == 'PC-HostName2') { return 'INOUE' }
```
However, after upgrading Elastic Stack to version 8, we discovered that this mechanism no longer works.
We were very troubled. (This is because information about computer users cannot be grasped instantly.)
*It is unfortunate that we accidentally discovered that these are written in the official Elasticsearch documentation.
The method we were able to implement in V7 was to statically replace it on the Kibana screen, but it helped us.
I would like to implement a similar method in Version 8, but is there a way?
My ElasticStack environment is as follows.
Kibana 8.11.1
Elasticsearch 8.11.1
Winlogbeat 8.11.1
Please help me
regards
Thank you
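An added example, not the script from the post above: the same host-name-to-user mapping written as a Kibana 8 data view runtime field (Data views → the Winlogbeat data view → Add field → Set value, field type Keyword). Runtime fields use `emit()` instead of `return` and are what Kibana 8 offers in place of the older scripted fields. The host names and user names are the ones from the v7 script; the `unmapped:` prefix for unknown hosts is my own choice, and it is assumed that `agent.hostname` is a keyword field with doc values, as it is in the default Winlogbeat ECS template.

```painless
// Kibana 8 data view runtime field (Painless), field type Keyword.
// Added example, not the original post's scripted field.

// Host name -> user table. Values taken from the v7 script; extend as needed.
Map users = ['PC-HostName': 'YUUTA', 'PC-HostName2': 'INOUE'];

// Only emit when the document actually has agent.hostname; calling .value on an
// empty doc value would throw and break the visualization for that document.
if (doc['agent.hostname'].size() > 0) {
  String host = doc['agent.hostname'].value;
  // Emit the mapped user, or a visible marker so unmapped PCs are not silently blank.
  emit(users.getOrDefault(host, 'unmapped:' + host));
}
```

Like the v7 scripted field, this is evaluated at query time, so it costs nothing at ingest and changes take effect as soon as the data view is saved; if the user name must be stored in the index (for example to filter on it efficiently), the same `Map` lookup can instead be put into an ingest pipeline `script` processor that sets a field on each event before it is indexed.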