Hi, please don't judge me too harsh. I'm new to ELK and have question regarding creation of new fields from windows log in logstash. Windows logs are forwarded to logstash by winlogbeat plugin.
I need extract eventlog subject from eventlog and create new field from it. In the following image its
"Special privileges assigned to new logon." message.
Standart winlogbeat "message" field extracts whole message text as in the following picture.
I additionally need "Special privileges assigned to new logon." message as a new filed lets say "message_small".
Could you please list all neccesary steps for this.
Thanks in advance