Hi,
I am very new to ELK. I've set up a GPO which forwards sysmon and security logs to a server. Then I have winlogbeat which sends the log to logstash. Everything works like a charm except now I am trying to filter the events I am not interested in.
Here is an example
Hi @limp15000, please use code escaping when pasting settings, they get formatted by discuss if not. I cannot tell but there may be some indenting/formatting issues in your settings. Something like this should work: