Hi,
I have Winlogbeat sending data to Logstash, then to Elasticsearch and Kibana.
If I run cmd.exe or calc.exe or any process on the beat machine, the process.name in Kibana doesn't have any values for them.
It only shows some other processes, like the ones in the graph.
Here are the configs in winlogbeat.yml. Are they good, or should I add anything more to have the processes? Aren't they configured by default?
#======================= Winlogbeat specific options ===========================
# event_logs specifies a list of event logs to monitor as well as any
# accompanying options. The YAML data type of event_logs is a list of
# dictionaries.
#
# The supported keys are name (required), tags, fields, fields_under_root,
# forwarded, ignore_older, level, event_id, provider, and include_xml. Please
# visit the documentation for the complete details of each option.
# https://go.es.io/WinlogbeatConfig
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h

  - name: System

  - name: Security
    processors:
      - script:
          lang: javascript
          id: security
          file: ${path.home}/module/security/config/winlogbeat-security.js

  - name: Microsoft-Windows-Sysmon/Operational
    processors:
      - script:
          lang: javascript
          id: sysmon
          file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js
Any help is really appreciated.
Regards,