Timestamp data is missing from winlog beat to logstash

Harish_Babu_B · August 27, 2019, 9:59am

Hii friends
I am trying to collect the data sent from the winlog beat to the logstash. while i'm doing it i'm unable to get the timestamp of the event generated. I'm getting only the message but I also need timestamp to do some analysis. please help me in receiving the timestamp from the log at logstash.
Below is the winlog beat configuration
winlogbeat.event_logs:

name: Application
ignore_older: 1h
name: Security
ignore_older: 1h

- name: Active Directory Web Services

name: System
ignore_older: 1h
fields_under_root: true
#----------------------------- Logstash output --------------------------------
output.logstash:
hosts: ["VM IP:5044"]
#loadbalance: true
#ssl.enabled: true

logging.to_files: true
logging.files:
path: C:\ProgramData\winlogbeat\Logs
logging.level: info

thank you

Suzan748 · August 27, 2019, 10:21am

Let me check this issue. I'll be back wait tellsubway.

Harish_Babu_B · August 28, 2019, 4:22am

yeah sure Thank you. Please let me know if you know any?

system · September 25, 2019, 4:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat delayed data shipping Beats winlogbeat	5	945	June 27, 2019
Winlogbeat @timestamp Field Problem Beats winlogbeat	2	1893	December 12, 2016
Winlogbeats not exporitng event.id or xml data Beats winlogbeat	10	1201	July 6, 2018
How to use the timestamp of the original logs in winlogbets? Beats winlogbeat	3	416	December 26, 2019
How to get the original log from winlogbeat? Logstash	1	265	October 14, 2019

Timestamp data is missing from winlog beat to logstash

- name: Active Directory Web Services

Related Topics