Looking at https://www.elastic.co/blog/monitoring-windows-logons-with-winlogbeat
I think I'm good except for ...
Saved "field" parameter is now invalid. Please select a new field.
Any suggestions?
I seem to recall seeing this in another post. After you have data ingested can you please try to refresh the Kibana index pattern.
Haha well, I got it working but then I lost all my fields on windows filtering and powershell filtering.... I went from over 100 fields to around 75 under winlogbeats.
Ugh, I got it, sorry for all the stupid questions... gotta get some training!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.