Timestamp data is missing from winlog beat to logstash

Harish_Babu_B · August 27, 2019, 9:59am

Hii friends
I am trying to collect the data sent from the winlog beat to the logstash. while i'm doing it i'm unable to get the timestamp of the event generated. I'm getting only the message but I also need timestamp to do some analysis. please help me in receiving the timestamp from the log at logstash.
Below is the winlog beat configuration
winlogbeat.event_logs:

name: Application
ignore_older: 1h
name: Security
ignore_older: 1h

- name: Active Directory Web Services

name: System
ignore_older: 1h
fields_under_root: true
#----------------------------- Logstash output --------------------------------
output.logstash:
hosts: ["VM IP:5044"]
#loadbalance: true
#ssl.enabled: true

logging.to_files: true
logging.files:
path: C:\ProgramData\winlogbeat\Logs
logging.level: info

thank you

Suzan748 · August 27, 2019, 10:21am

Let me check this issue. I'll be back wait tellsubway.

Harish_Babu_B · August 28, 2019, 4:22am

yeah sure Thank you. Please let me know if you know any?

system · September 25, 2019, 4:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat does not have a proper timestamp field Beats winlogbeat	6	2047	October 6, 2016
Winlogbeat delayed data shipping Beats winlogbeat	5	948	June 27, 2019
Winlogbeat @timestamp Field Problem Beats winlogbeat	2	1895	December 12, 2016
Winlogbeat doesnot have system logged time Beats winlogbeat	2	419	July 19, 2018
Winlogbeats not exporitng event.id or xml data Beats winlogbeat	10	1202	July 6, 2018

Timestamp data is missing from winlog beat to logstash

- name: Active Directory Web Services

Related topics