Hi there,
Is there a way to include meaningful descriptions to each of the event_ids that are being ingested into logstash?
When I use the event_id to display top five for example I get the actual Event ID from Windows
4,634 4,648 4,768 4,625 4,740
I would like it to expand it to display something like
4740 account locked
4625 failed to logon
and so on
Thanks
You could use Logstash to add your own custom category to events. With the translate filter you can map event IDs to categories and add this a a new field, like category.
Thanks for the suggestion Andrew, that does look like what I'm after
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.