If the contents of event.action that Auditbeat already provides me aren't enough, or I want to add a field which means event.action for the logs Filebeat collected, how can I make this happen?
Also, I want to know how many and what actions are stored in event.action; for that I have already checked the source code at https://github.com/elastic/beats/tree/main/auditbeat and https://github.com/elastic/beats/tree/main/filebeat.