Good afternoon everyone,
I recently blew away my old ELK stack and built a new one. I still maintained the same log sources, Sysmon, Windows events, and Powershell, (using the configuration that came with winlogbeat) but now I cannot filter on event.code which shows up in Kibana with an icon next to it that looks like a triangle with an exclamation point in it. Could someone that has had this experience or knows how to fix it help me through this?
Thank you for your time and help!
Try to refresh the Kibana index pattern for winlogbeat-*. https://www.elastic.co/guide/en/kibana/current/managing-fields.html
Or delete the Kibana index pattern and use winlogbeat.exe setup --dashboards to recreate it. https://www.elastic.co/guide/en/beats/winlogbeat/7.9/load-kibana-dashboards.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.