Registry.data.string is null

As per the logs below from the endpoint, the Kibana field registry.data.string should contain the data string value from ImagePath, but it is giving a null value. The data which I want in registry.data.string is coming under winlog.event_data.Details.
Can someone please explain?

Any suggestions?

Need help

Since I don't use winlogbeat, I can only assume that is how the module is set to parse the data. Look here, https://www.github.com/elastic/beats/tree/master/x-pack%2Fwinlogbeat%2Fmodule, to see the scripts used for each module. If you think it should be different, submit an issue on GitHub.
