I check the capi2 log in windows. The transmission to Elastic also works partially. Only that not all fields are transferred. Specifically, I need the field under
Userdata | certverifyCertificateChainPolicy | certificata | subjectname
maybe also other fields ... how can I transfer these fields to ELastic?
Mfg Marcel
Do you have a sample of the UserData value? If you temporarily add include_xml: true Winlogbeat will send the raw XML that includes the user data then we can try to figure out why it's not parsing the data into winlog.user_data.*. It does assume a certain key/value structure of the user data XML, but there may be a workaround.
above is the screenshot which is generated in the server's event log ...
I need the values under certificate -> subjectname
where do I have to store include_xml: true?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
