Miss the field winlog.keywords in ForwardedEvents event_logs

Lehugo · August 10, 2020, 9:06am

all the security Events have the the field winlog.keywords but ForwardedEvents don't Forward it.

How can i configure the winlogbeat.yml file that the ForwardedEvents fordward the field winlog.keywords ?

Lehugo · August 10, 2020, 10:11am

Try to use inlude_fields but it doesn' work

system · September 7, 2020, 12:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat drop_fields not working Beats winlogbeat	6	1811	July 5, 2021
Event outcome and winlog.keywords - Possible Bug Beats winlogbeat	2	622	September 8, 2020
Winlogbeat modified to Text and Keyword Beats winlogbeat	2	871	January 16, 2018
Winlogbeat 5.3.0 sends the whole content of ForwardedEvents at startup Beats winlogbeat	7	1352	May 2, 2017
Proper Syntax for filtering forwarded events? Beats winlogbeat	1	332	June 15, 2020