As per the logs below from the endpoint, the Kibana field registry.data.string should contain the data string value from ImagePath, but it is giving a null value. The data which I want to be in registry.data.string is coming under winlog.event_data.Details.
Can someone please explain?
Any suggestions?
Need help
Since I don't use Winlogbeat, I can only assume that is how the module is set to parse the data. Look here, https://www.github.com/elastic/beats/tree/master/x-pack%2Fwinlogbeat%2Fmodule, to see the scripts used for each module. If you think it should be different, submit an issue on GitHub.