Winlogbeat Original Field remove

Frack · July 15, 2021, 11:07am

Hi,
Why some field are remove when convert to ECS ?
For exemple DestinationIsIpv6 from sysmon:

As I have to work with beat agent and industrial system (no beat allowed) I have to write 2 query to find the same information .

Thanks

system · August 12, 2021, 1:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat 7.9 removed a field? Beats winlogbeat	2	296	October 21, 2020
Winlogbeats remove @metadata, agent and ecs fields Beats winlogbeat	2	636	May 9, 2021
Winlogbeat and ECS Beats winlogbeat	8	2012	October 30, 2018
Question about Security Module + ECS + Sparcity Question Beats winlogbeat	8	557	August 27, 2019
Event.Original Beats winlogbeat	2	813	June 11, 2020