Hi guys,
I have a question about winlogbeat along with logstash where I need to use the translate for hexadecimal codes.
KQL example winlog.event_data.AccessMask: "0x10080" and event.code: "4656" returns me that the event is DELETE and I wanted to present it in a new field as DELETE instead of the hexadecimal code.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.