How to get the original log from winlogbeat?

Daniel_Ben_Hayoun · September 16, 2019, 4:01pm

Hi,
I'm using winlogbeat to publish event logs to logstash. I mean that the output from winlogbeat is for another machine that runs logstash. The plugin is :
input {
# tcp {
# port => 12345

	# }

	beats {
		port=> 6666
	}
}

filter {
	mutate { rename => { "message" => "forensic"} }

}
output {
	stdout{}
}

I want the original log sent from winlogbeat , including all existing fields. Usually the field "message" contain the entire log . the problem is the field "message is already occupied by winlogbeat with different data, and when i do :
mutate { rename => { "message" => "forensic"} }

I don't get the entire log , but only the field that winlogbeat occupied with some different data rather then the entire original log. how can I get the original log sent from winlogbeat?

system · October 14, 2019, 4:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to get the original message sent to logstash? Logstash	1	547	October 7, 2019
Timestamp data is missing from winlog beat to logstash Beats winlogbeat	3	408	September 25, 2019
How to use the timestamp of the original logs in winlogbets? Beats winlogbeat	3	416	December 26, 2019
Question about log with winlogbeat and logstash Beats winlogbeat	3	432	February 5, 2019
Beats_input_raw_event Logstash	4	331	January 7, 2024

How to get the original log from winlogbeat?

Related topics