Yes, sure — thanks for looking! (I have redacted a few entries for anonymity.)
{ "_index": "filebeat-7.9.3-2020.11.11-000001", "_type": "_doc", "_id": "tXlG2nUBmOZpro34u1Ee", "_version": 1, "_score": null, "_source": { "agent": { "hostname": "IS01NNHHMV", "name": "IS01NNHHMV", "id": "0efd101c-e768-4abd-835f-ebcf39b4d005", "type": "filebeat", "ephemeral_id": "31fdefbf-b585-4501-a169-95695f2e0054", "version": "7.9.3" }, "temp": {}, "log": { "file": { "path": "D:\IISLogs\W3SVC5\u_ex201118_x.log" }, "offset": 26308409 }, "destination": { "address": "10.10.1.220", "port": 443, "ip": "10.10.1.220" }, "source": { "address": "10.10.1.15", "ip": "10.10.1.15" }, "fileset": { "name": "access" }, "url": { "path": "/occasions.aspx", "query": "aid=3878990&herkomst=gpl" }, "input": { "type": "log" }, "iis": { "access": { "sub_status": 0, "win32_status": 0 } }, "@timestamp": "2020-11-18T07:34:26.000Z", "ecs": { "version": "1.5.0" }, "related": { "ip": [ "10.10.1.15", "10.10.1.220" ] }, "service": { "type": "iis" }, "host": { "hostname": "IS01NNHHMV", "os": { "build": "17763.1397", "kernel": "10.0.17763.1397 (WinBuild.160101.0800)", "name": "Windows Server 2019 Standard", "family": "windows", "version": "10.0", "platform": "windows" }, "ip": [ "2a01:6a40:1:17::210", "fe80::457c:2cb4:8df:e4c", "10.10.1.208", "10.10.1.210", "10.10.1.212", "10.10.1.214", "10.10.1.216", "10.10.1.220" ], "name": "IS01NNHHMV", "id": "1d2d74d3-8136-4c78-a774-9b2c0f24264b", "mac": [ "00:50:56:bd:a6:4a" ], "architecture": "x86_64" }, "http": { "request": { "referrer": , "method": "GET" }, "response": { "status_code": 200 } }, "event": { "duration": 16000000, "created": "2020-11-18T07:34:28.867Z", "kind": "event", "module": "iis", "category": [ "web", "network" ], "type": [ "connection" ], "dataset": "iis.access", "outcome": "success" }, "user_agent": { "original": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1", "os": { "name": "iOS", "version": "14.0.1", "full": "iOS 14.0.1" }, "name": "Mobile 
Safari", "device": { "name": "iPhone" }, "version": "14.0" } }, "fields": { "@timestamp": [ "2020-11-18T07:34:26.000Z" ], "event.created": [ "2020-11-18T07:34:28.867Z" ], "suricata.eve.timestamp": [ "2020-11-18T07:34:26.000Z" ] }, "sort": [ 1605684866000 ] }{ "_index": "filebeat-7.9.3-2020.11.11-000001", "_type": "_doc", "_id": "tXlG2nUBmOZpro34u1Ee", "_version": 1, "_score": null, "_source": { "agent": { "hostname": "IS01NNHHMV", "name": "IS01NNHHMV", "id": "0efd101c-e768-4abd-835f-ebcf39b4d005", "type": "filebeat", "ephemeral_id": "31fdefbf-b585-4501-a169-95695f2e0054", "version": "7.9.3" }, "temp": {}, "log": { "file": { "path": "D:\IISLogs\W3SVC5\u_ex201118_x.log" }, "offset": 26308409 }, "destination": { "address": "10.10.1.220", "port": 443, "ip": "10.10.1.220" }, "source": { "address": "10.10.1.15", "ip": "10.10.1.15" }, "fileset": { "name": "access" }, "url": { "path": "/occasions.aspx", "query": "aid=3878990&herkomst=gpl" }, "input": { "type": "log" }, "iis": { "access": { "sub_status": 0, "win32_status": 0 } }, "@timestamp": "2020-11-18T07:34:26.000Z", "ecs": { "version": "1.5.0" }, "related": { "ip": [ "10.10.1.15", "10.10.1.220" ] }, "service": { "type": "iis" }, "host": { "hostname": "IS01NNHHMV", "os": { "build": "17763.1397", "kernel": "10.0.17763.1397 (WinBuild.160101.0800)", "name": "Windows Server 2019 Standard", "family": "windows", "version": "10.0", "platform": "windows" }, "ip": [ "2a01:6a40:1:17::210", "fe80::457c:2cb4:8df:e4c", "10.10.1.208", "10.10.1.210", "10.10.1.212", "10.10.1.214", "10.10.1.216", "10.10.1.220" ], "name": "IS01NNHHMV", "id": "1d2d74d3-8136-4c78-a774-9b2c0f24264b", "mac": [ "00:50:56:bd:a6:4a" ], "architecture": "x86_64" }, "http": { "request": { "referrer": , "method": "GET" }, "response": { "status_code": 200 } }, "event": { "duration": 16000000, "created": "2020-11-18T07:34:28.867Z", "kind": "event", "module": "iis", "category": [ "web", "network" ], "type": [ "connection" ], "dataset": "iis.access", "outcome": 
"success" }, "user_agent": { "original": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1", "os": { "name": "iOS", "version": "14.0.1", "full": "iOS 14.0.1" }, "name": "Mobile Safari", "device": { "name": "iPhone" }, "version": "14.0" } }, "fields": { "@timestamp": [ "2020-11-18T07:34:26.000Z" ], "event.created": [ "2020-11-18T07:34:28.867Z" ], "suricata.eve.timestamp": [ "2020-11-18T07:34:26.000Z" ] }, "sort": [ 1605684866000 ] }{ "_index": "filebeat-7.9.3-2020.11.11-000001", "_type": "_doc", "_id": "tXlG2nUBmOZpro34u1Ee", "_version": 1, "_score": null, "_source": { "agent": { "hostname": "IS01NNHHMV", "name": "IS01NNHHMV", "id": "0efd101c-e768-4abd-835f-ebcf39b4d005", "type": "filebeat", "ephemeral_id": "31fdefbf-b585-4501-a169-95695f2e0054", "version": "7.9.3" }, "temp": {}, "log": { "file": { "path": "D:\IISLogs\W3SVC5\u_ex201118_x.log" }, "offset": 26308409 }, "destination": { "address": "10.10.1.220", "port": 443, "ip": "10.10.1.220" }, "source": { "address": "10.10.1.15", "ip": "10.10.1.15" }, "fileset": { "name": "access" }, "url": { "path": "/occasions.aspx", "query": "aid=3878990&herkomst=gpl" }, "input": { "type": "log" }, "iis": { "access": { "sub_status": 0, "win32_status": 0 } }, "@timestamp": "2020-11-18T07:34:26.000Z", "ecs": { "version": "1.5.0" }, "related": { "ip": [ "10.10.1.15", "10.10.1.220" ] }, "service": { "type": "iis" }, "host": { "hostname": "IS01NNHHMV", "os": { "build": "17763.1397", "kernel": "10.0.17763.1397 (WinBuild.160101.0800)", "name": "Windows Server 2019 Standard", "family": "windows", "version": "10.0", "platform": "windows" }, "ip": [ "2a01:6a40:1:17::210", "fe80::457c:2cb4:8df:e4c", "10.10.1.208", "10.10.1.210", "10.10.1.212", "10.10.1.214", "10.10.1.216", "10.10.1.220" ], "name": "IS01NNHHMV", "id": "1d2d74d3-8136-4c78-a774-9b2c0f24264b", "mac": [ "00:50:56:bd:a6:4a" ], "architecture": "x86_64" }, "http": { "request": { "referrer": , 
"method": "GET" }, "response": { "status_code": 200 } }, "event": { "duration": 16000000, "created": "2020-11-18T07:34:28.867Z", "kind": "event", "module": "iis", "category": [ "web", "network" ], "type": [ "connection" ], "dataset": "iis.access", "outcome": "success" }, "user_agent": { "original": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1", "os": { "name": "iOS", "version": "14.0.1", "full": "iOS 14.0.1" }, "name": "Mobile Safari", "device": { "name": "iPhone" }, "version": "14.0" } }, "fields": { "@timestamp": [ "2020-11-18T07:34:26.000Z" ], "event.created": [ "2020-11-18T07:34:28.867Z" ], "suricata.eve.timestamp": [ "2020-11-18T07:34:26.000Z" ] }, "sort": [ 1605684866000 ] }
{
"_index": "filebeat-7.9.3-2020.11.11-000001",
"_type": "_doc",
"_id": "tXlG2xxxxxxpro34u1Ee",
"_version": 1,
"_score": null,
"_source": {
"agent": {
"hostname": "IS01NNHHMV",
"name": "IS01NNHHMV",
"id": "0efd101c-e768-xxxx-xxxx-ebcf39b4d005",
"type": "filebeat",
"ephemeral_id": "31fdefbf-b585-4501-a169-95695f2e0054",
"version": "7.9.3"
},
"temp": {},
"log": {
"file": {
"path": "D:\IISLogs\W3SVC5\u_ex201118_x.log"
},
"offset": 26308409
},
"destination": {
"address": "10.10.1.220",
"port": 443,
"ip": "10.10.1.220"
},
"source": {
"address": "10.10.1.15",
"ip": "10.10.1.15"
},
"fileset": {
"name": "access"
},
"url": {
"path": "/occasions.aspx",
"query": "aid=3878990&herkomst=gpl"
},
"input": {
"type": "log"
},
"iis": {
"access": {
"sub_status": 0,
"win32_status": 0
}
},
"@timestamp": "2020-11-18T07:34:26.000Z",
"ecs": {
"version": "1.5.0"
},
"related": {
"ip": [
"10.10.1.15",
"10.10.1.220"
]
},
"service": {
"type": "iis"
},
"host": {
"hostname": "IS01NNHHMV",
"os": {
"build": "17763.1397",
"kernel": "10.0.17763.1397 (WinBuild.160101.0800)",
"name": "Windows Server 2019 Standard",
"family": "windows",
"version": "10.0",
"platform": "windows"
},
"ip": [
"2a01:xxx:xx::210",
"fe80::457c:2cb4:8df:e4c",
"10.10.1.208",
"10.10.1.210",
"10.10.1.212",
"10.10.1.214",
"10.10.1.216",
"10.10.1.220"
],
"name": "IS01NNHHMV",
"id": "1d2d74d3-xxxxxxx0f24264b",
"mac": [
"00:50:xxxxxx:4a"
],
"architecture": "x86_64"
},
"http": {
"request": {
"referrer": , "method": "GET" }, "response": { "status_code": 200 } }, "event": { "duration": 16000000, "created": "2020-11-18T07:34:28.867Z", "kind": "event", "module": "iis", "category": [ "web", "network" ], "type": [ "connection" ], "dataset": "iis.access", "outcome": "success" }, "user_agent": { "original": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1", "os": { "name": "iOS", "version": "14.0.1", "full": "iOS 14.0.1" }, "name": "Mobile Safari", "device": { "name": "iPhone" }, "version": "14.0" } }, "fields": { "@timestamp": [ "2020-11-18T07:34:26.000Z" ], "event.created": [ "2020-11-18T07:34:28.867Z" ], "suricata.eve.timestamp": [ "2020-11-18T07:34:26.000Z" ] }, "sort": [ 1605684866000 ] }