hi
it has the @timestamp fileld. But this timestamp filed has the time when the event has been parsed by winlogbeat rather than the time when it has been logged(created) as windows event.
Please help me with this issue
Thanks
Mariyana
The @timestamp field is populated with the TimeCreated value from the Windows event log. (source ref)
Can you please enable include_xml: true for the event log in question. Then share the complete JSON event sent to Elasticsearch by Winlogbeat.
winlogbeat.event_logs:
- name: <SomeEventLog>
include_xml: true # For debugging purposes only.
You can get the full JSON content from Kibana's Discover tab. Find an event the click on the JSON tab.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.