Hi,
I'm using Winlogbeat to publish event logs to Logstash. I mean that the output from Winlogbeat is for another machine that runs Logstash. The plugin is:
input {
  # tcp {
  #   port => 12345
  # }
  beats {
    port => 6666
  }
}
filter {
  mutate { rename => { "message" => "forensic" } }
}
output {
  stdout {}
}
I want the original log sent from Winlogbeat, including all existing fields. Usually the field "message" contains the entire log. The problem is the field "message" is already occupied by Winlogbeat with different data, and when I do:
  mutate { rename => { "message" => "forensic" } }
I don't get the entire log, but only the field that Winlogbeat occupied with some different data rather than the entire original log. How can I get the original log sent from Winlogbeat?