I'm trying to send Windows logs through Windows Event Forwarder, through Winlogbeat and Logstash to syslog (System1 -> System2 with Winlogbeat -> Logstash -> syslog). For some reason the event which appears in syslog is cropped to only the message field: no event fields, no winlog fields. The same event in Elasticsearch has all of the fields. Why does the syslog output on Logstash crop fields other than message?
Ok, simpler question then:
Is there a way to send a full log through Winlogbeat->Logstash->syslog or is it impossible?
See the documentation
By default the contents of the message field will be shipped as the free-form message text part of the emitted syslog message. If your messages don't have a message field or if you for some other reason want to change the emitted message, modify the
Ok, so there is a way
Did you see any tutorial that will help me to achieve my goal?
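One way to apply the documented behaviour quoted above, as an added example that is not from any post in this thread: serialize the whole event into a field and point the syslog output's message option at it. The host, port and the field name full_event are placeholders chosen for illustration.

```logstash
input {
  beats {
    port => 5044                      # Winlogbeat ships here (assumed port)
  }
}

filter {
  # Serialize the complete event (winlog.*, event.*, host.*, ...) to JSON.
  # Storing it under @metadata keeps the copy out of other outputs such as
  # Elasticsearch, because @metadata is not part of the emitted document.
  ruby {
    code => "event.set('[@metadata][full_event]', event.to_json)"
  }
}

output {
  syslog {
    host     => "syslog.example.internal"   # placeholder receiver
    port     => 514                         # placeholder port
    protocol => "tcp"                       # avoids UDP datagram size limits
    rfc      => "rfc5424"
    appname  => "winlogbeat"
    # Default is "%{message}", which is why only the message text arrived.
    message  => "%{[@metadata][full_event]}"
  }
}
```

Windows events serialized as JSON are often several kilobytes, so check the receiver's maximum message size; an oversized line is truncated there even when Logstash sends it whole.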