Discuss the Elastic Stack

Winlogbeat Original Field remove

Elastic Stack Beats

Frack July 15, 2021, 11:07am 1

Hi,
Why some field are remove when convert to ECS ?
For exemple DestinationIsIpv6 from sysmon:

'winlog.event_data.SourceIsIpv6' is remove after create 'network.type'.

As I have to work with beat agent and industrial system (no beat allowed) I have to write 2 query to find the same information .

Thanks

system (system) Closed August 12, 2021, 1:08pm 2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.