User ID cannot be displayed properly
When you say that it's not displayed properly what exactly do you mean?
Winlobeat just passes the
event_data fields through from what it finds in the event log. You should be able to open up the Event Viewer, find this log message by using the
record_number, view the raw XML representation of the event, and verify that they are equivalent.
Perhaps you want to be able to translate SID values to names? https://github.com/elastic/beats/issues/7451
yes！I want to be able to translate SID values to names，
I've seen this https://github.com/elastic/beats/issues/7451
I also read a lot of solutions you wrote to solve the problem of change.
But I don't understand. Is this translation a function of Winlogbeat, or does it need to be debugged by myself?
I am from China and my English is poor. Please forgive me.
thank you for your reply!
Translation of SIDs to names is not a feature yet.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.