I'm trying to get familiar with the SIEM. When I look at "Authentications" in the Hosts section, it is empty. If I look at the request, it appears to be looking for event.type:
However, I have 0 records containing that field when I search my Winlogbeat indices for event.type in the Discover tab.
I just recently upgraded Winlogbeats from 7.3.0 to 7.6.0. When I look at the mappings for 7.6.0, the field is defined (It is also defined in previous 7.3.0 indices as well).
Am I missing something? Is there something else I need to do to get this field logged other than the default mappings used in Winlogbeat? For example, logging specifically required events...