Hi,
I want to know if it's possible to filter date of Wineventlog from Winlogbeat for index on kibana. Because my Kibana is index on date of Linux log, and I would like to add my windows servers on.
I find some tracks with @metadata but I do not understand how to recover the date from log.
For the moment i have just rename the timestamp field in my filter :
if [type] == "wineventlog" {
mutate {
add_field => { "timelog" => "%{@timestamp}" }
}
}
thank's you
There are filters available in Winlogbeat: https://www.elastic.co/guide/en/beats/winlogbeat/current/filtering-and-enhancing-data.html
How do you want to filter messages? Drop some or route it to a different target?
Do you want to filter in Winlogbeat or in Kibana?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.