Kibana Field name mismatching

Nil_Battey_Sannata · May 7, 2021, 7:52am

How to fix Kibana field name mismatch in Indexing? In below image, For ex. the data which is in winlog.event_data.Signature and winlog.event_data.SignatureStatus I want to be in dll.code_signature.subject_name and dll.code_signature.status

legoguy1000 · May 7, 2021, 9:21am

If the module isn't doing that you can add custom processors to winlogbeat or the ingest pipeline to copy those fields to the fields u want.

Nil_Battey_Sannata · May 7, 2021, 10:07am

Thank you for your reply.
Don't you think using 'copy field' is not convenient way of doing for multiple fields? I have similar issue with multiple fields. I am taking look at sysmon parsing.

legoguy1000 · May 7, 2021, 10:31am

The copy field processor can do multiple fields in a single processor.

Nil_Battey_Sannata · May 7, 2021, 10:39am

Thank you.

system · June 4, 2021, 12:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create Field Winlogbeat Beats winlogbeat	5	452	June 25, 2020
Fields not populated Beats winlogbeat	4	949	August 7, 2019
Kafka input kibana message one field Logstash	3	314	March 3, 2022
How to convert "Selection Fields" to code? Kibana	9	866	October 4, 2017
Refresh doesn't help with question marks Kibana	2	306	March 22, 2019

Kibana Field name mismatching

Related topics