Miss the field winlog.keywords in ForwardedEvents event_logs

Lehugo · August 10, 2020, 9:06am

all the security Events have the the field winlog.keywords but ForwardedEvents don't Forward it.

How can i configure the winlogbeat.yml file that the ForwardedEvents fordward the field winlog.keywords ?

Lehugo · August 10, 2020, 10:11am

Try to use inlude_fields but it doesn' work

Topic		Replies	Views
ELK 5.5 : Winlogbeats no Messages displayed form ForwardedEvents Beats winlogbeat	7	1734	August 21, 2017
Selected windows log events Beats winlogbeat	3	1093	April 12, 2016
"INFO Non-zero metrics in the last 30s" with Winlogbeat Beats winlogbeat	2	1263	February 7, 2019
Winlogbeat 5.3.0 sends the whole content of ForwardedEvents at startup Beats winlogbeat	7	1387	May 2, 2017
Winlogbeat running on Windows Event Collector - logs use the collector name instead of log sources Beats winlogbeat	8	1522	January 15, 2018