Hello, what would the solution be in winlogbeat.yml to this example from Filebeat below?
I want to do special filtering on PowerShell logs and thus tag them or similar once they get to Logstash.
Here is my config from winlogbeat.yml:
winlogbeat.event_logs:
  - name: "Microsoft-Windows-Sysmon/Operational"
    fields: {log_type: sysmon}
  - name: "Windows Powershell"
    ignore_older: 96h
    fields: {log_type: Powershell}
Here's an example Logstash config based on the Filebeat config you gave:
Filebeat:
filebeat:
  prospectors:
    - paths:
        - /path/to/logs/access.log
      fields: {log_type: access}
    - paths:
        - /path/to/other/logs/errors.log
      fields: {log_type: errors}
Logstash:
input {
  beats {
    port => 5044
  }
}
filter {
  if [fields][log_type] == "access" {
    mutate {
      add_field => { "foo" => "var" }
    }
  }
}
output {
  stdout { codec => rubydebug{} }
}
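
The same conditional pattern applied to the Winlogbeat config in the question, as an added example that is not part of the original post. It assumes `fields_under_root` is left at its default in winlogbeat.yml, so the custom value arrives in Logstash as `[fields][log_type]`; the tag names are hypothetical.

```logstash
input {
  beats {
    port => 5044
  }
}

filter {
  # String comparison is case-sensitive: the value must match the
  # winlogbeat.yml entry exactly ("Powershell", "sysmon").
  if [fields][log_type] == "Powershell" {
    mutate {
      # Hypothetical tag name; later filters and outputs can branch on it.
      add_tag => [ "powershell" ]
    }
  } else if [fields][log_type] == "sysmon" {
    mutate {
      add_tag => [ "sysmon" ]
    }
  } else {
    # Events from a channel that has no fields entry in winlogbeat.yml
    # end up here, so a missing label is visible instead of silent.
    mutate {
      add_tag => [ "unclassified" ]
    }
  }
}

output {
  # Print only the PowerShell events while testing the filter.
  if "powershell" in [tags] {
    stdout { codec => rubydebug }
  }
}
```

Once the tag is in place, PowerShell-specific filters can be wrapped in `if "powershell" in [tags] { ... }` without repeating the field comparison.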