Hi,
I'm running ELK stack with winlogbeat and I would like to change the name of the field winlog.event_data.TargetUserName.
Currently I've put this in my logstash config:
filter {
  if [winlog][event_data][TargetUserName] {
    mutate {
      rename => { "winlog.event_data.TargetUserName" => "User" }
    }
  }
}
However, when I run logstash it doesn't seem to do anything. The field doesn't get renamed (as far as I can see in Kibana) and logstash runs just as normal.
Any pointers would be greatly appreciated!
//Rasmus
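
An added example, not part of the original post: in `mutate { rename }`, Logstash treats the dotted string as a single top-level field literally named `winlog.event_data.TargetUserName`, so the nested field is never matched; the bracketed field reference already used in the `if` condition is what addresses it. The pipeline below is a stand-alone test harness under that assumption, and the sample event in the `generator` input is constructed.

```logstash
# Test pipeline: feeds one constructed event through the rename and
# prints the result, so the filter can be checked without Winlogbeat.
input {
  generator {
    # Constructed sample shaped like a Winlogbeat event (values are made up).
    lines => ['{"winlog":{"event_id":4624,"event_data":{"TargetUserName":"alice","LogonType":"3"}}}']
    count => 1
    codec => "json"
  }
}

filter {
  # Same condition as in the post: only act when the nested field exists.
  if [winlog][event_data][TargetUserName] {
    mutate {
      # Nested fields are addressed with [a][b][c] field references.
      # The key "winlog.event_data.TargetUserName" would instead name a
      # top-level field containing dots, which this event does not have.
      rename => { "[winlog][event_data][TargetUserName]" => "User" }
    }
  }
}

output {
  # Prints the full event; "User" should appear at the top level and
  # TargetUserName should be gone from winlog.event_data.
  stdout { codec => rubydebug }
}
```

Saved to a file and run with `bin/logstash -f <file>`, this prints the event after the filter, which makes it possible to confirm the rename before looking for the field in Kibana.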