How to fix Kibana field name mismatch in indexing? In the image below, for example, the data which is in winlog.event_data.Signature and winlog.event_data.SignatureStatus I want to be in dll.code_signature.subject_name and dll.code_signature.status.
If the module isn't doing that, you can add custom processors to Winlogbeat or the ingest pipeline to copy those fields to the fields you want.
1 Like
Thank you for your reply.
Don't you think using 'copy field' is not a convenient way of doing this for multiple fields? I have a similar issue with multiple fields. I am taking a look at Sysmon parsing.
The copy field processor can do multiple fields in a single processor.
Thank you.
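The approach suggested in the replies, as an added example that is not part of the original posts: one `copy_fields` processor in `winlogbeat.yml` that maps both fields from the question. The `fail_on_error` and `ignore_missing` values are assumptions, chosen so that events without signature data are still shipped.

```yaml
# winlogbeat.yml (fragment) - added example, not from the original thread.
processors:
  - copy_fields:
      # One processor, several from/to pairs. The source fields are kept,
      # so existing dashboards on winlog.event_data.* keep working.
      fields:
        - from: winlog.event_data.Signature
          to: dll.code_signature.subject_name
        - from: winlog.event_data.SignatureStatus
          to: dll.code_signature.status
      # Assumption: most events carry no signature data, so a missing
      # source field should not be treated as an error.
      ignore_missing: true
      # Assumption: keep processing the event if a copy fails, for
      # example when the module already populated the target field.
      fail_on_error: false
```

Detection rules written against the ECS `dll.code_signature.*` fields then see the same values as the raw `winlog.event_data.*` fields.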