I have integrated a Windows computer and am receiving logs using Elastic Agent. For several security rules, the source.ip field is required for detection. Instead of source.ip, the logs are indexed with host.ip.
How do I change it to source.ip?