I have this log message in Elastic:
```
ExtendedProperties
[{"Name":"UserAgent","Value":"Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.13426; Pro)"} {"Name":"UserAuthenticationMethod","Value":"1"} {"Name":"RequestType","Value":"OAuth2:Token"} {"Name":"ResultStatusDetail","Value":"Success"} {"Name":"KeepMeSignedIn","Value":"false"}].
```
I have tried searching various ways for "OAuth2". Do you know how I can successfully search for it and get results?
It'd be useful if you posted the entire thing, please. Please format your code/logs/config using the </> button, or markdown-style backticks. It helps to make things easy to read, which helps us help you.
Were you able to review the index? What started this query is that there is a detection rule that looks at OAuth2; however, I am not able to confirm that it is working.
The pastebin post will be deleted in 4 hours, but I can repost it if necessary.
If you don't get an answer, my recommendation would be to provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.
A full reproduction script is something anyone can copy and paste in Kibana dev console, click on the run button to reproduce your use case. It will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.
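Below is an added example of the kind of reproduction script asked for above, written for the Kibana dev console; it is not from either poster. It assumes a throwaway index named `oauth-repro` and that `ExtendedProperties` is stored as a string, mapped as `text` with a `keyword` sub-field (the usual dynamic mapping for a string). The point it demonstrates is why a search for "OAuth2" can behave differently depending on which field you query: the `text` field is analyzed, so `OAuth2:Token` is split into the terms `oauth2` and `token`, while the `keyword` sub-field keeps the whole string as one term.

```http
# Constructed reproduction (index name "oauth-repro" is an assumption):
# map the log field as analyzed text plus an exact-match keyword sub-field.
PUT /oauth-repro
{
  "mappings": {
    "properties": {
      "ExtendedProperties": {
        "type": "text",
        "fields": { "keyword": { "type": "keyword" } }
      }
    }
  }
}

# Index a shortened copy of the value from the question, as a single string.
PUT /oauth-repro/_doc/1?refresh=true
{
  "ExtendedProperties": "[{\"Name\":\"RequestType\",\"Value\":\"OAuth2:Token\"} {\"Name\":\"ResultStatusDetail\",\"Value\":\"Success\"}]"
}

# Show what the text field's standard analyzer produces for the relevant entry:
# the terms name, requesttype, value, oauth2, token ("OAuth2:Token" is split on the colon).
GET /oauth-repro/_analyze
{
  "field": "ExtendedProperties",
  "text": "{\"Name\":\"RequestType\",\"Value\":\"OAuth2:Token\"}"
}

# Hit: match on the analyzed text field. The query text is lowercased to "oauth2",
# which is one of the indexed terms.
GET /oauth-repro/_search
{ "query": { "match": { "ExtendedProperties": "OAuth2" } } }

# Hit: phrase query that requires "oauth2" and "token" to be adjacent,
# which is the tighter check a detection rule would normally want.
GET /oauth-repro/_search
{ "query": { "match_phrase": { "ExtendedProperties": "OAuth2:Token" } } }

# No hit: the keyword sub-field stores the entire string as one term,
# so an exact term lookup for "OAuth2" matches nothing.
GET /oauth-repro/_search
{ "query": { "term": { "ExtendedProperties.keyword": "OAuth2" } } }

# Hit, case-sensitive, and expensive on large indices because of the leading
# wildcard: a substring match against the keyword sub-field.
GET /oauth-repro/_search
{ "query": { "wildcard": { "ExtendedProperties.keyword": { "value": "*OAuth2*" } } } }
```

In the Kibana search bar the same distinction applies: `ExtendedProperties : OAuth2` searches the analyzed text field, while the keyword sub-field needs `ExtendedProperties.keyword : *OAuth2*`. If the index actually maps `ExtendedProperties` as an array of objects rather than a string, the mapping (`GET /<index>/_mapping`) will show `Name` and `Value` as sub-fields, and a query has to target `ExtendedProperties.Value` instead; comparing the detection rule's query against that mapping is the quickest way to confirm whether the rule can match these events at all.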
I'm using Kibana.
I can browse in the logs and find {"Name":"RequestType","Value":"OAuth2:Token"} in the log message. I haven't found a way to search for log messages that contain "OAuth2".
Does that help?