I'm relatively new to this field and looking for information on what I should look for when troubleshooting specific winlog.* or event.* data. Where would be the best place to look? I've already gone through the Export Field definitions list, but need to expand on it, i.e. more than winlog.computer_name - look for computer name changes.
I'm not sure if I understand your issue. The list of fields is available here: https://www.elastic.co/guide/en/beats/winlogbeat/current/exported-fields-winlog.html