Hello,
Will winlogbeat forward the log to Elasticsearch if it is installed on AD and when someone lockout from the system and if the account lockout log is dropping on AD?
eg.: if 10 users are getting locked out on their systems , we can see lockout logs on kibana only for 4 users .
Do you have multiple domain controllers?
Yes but even after checking logs from winlogbeat which is on them, i cound not find the relevant log
Can I confirm that you are seeing the event ID 4740 in windows event log but it's not being sent to Elasticsearch?
Maybe it would help if you show us your winlogbeat.yml
Yes not able to see in on Elasticsearch but appearing on dc
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.