all the security Events have the the field winlog.keywords but ForwardedEvents don't Forward it.
How can i configure the winlogbeat.yml file that the ForwardedEvents fordward the field winlog.keywords ?
https://www.elastic.co/guide/en/beats/winlogbeat/master/exported-fields-winlog.html
winlog.keywords is required: False
How can i make it true?
Try to use inlude_fields but it doesn' work
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.