Winlogbeat Parser Modification

Hi Experts..

I've to parse some windows security events which are currently not supported by Winlogbeat and looking to modify the existing parsing capability of Winlogbeat.

Looking at the file, it seems that "/module/security/config/winlogbeat-security.js" is the file where we've to do the changes. Is that right?
Any heads-up for this will be highly appreciated.

I don't want to write filters in Logstash.

Thanks in Advance.

I would suggest using Ingest Node Pipelines to change the parsing .

Thanks Felix. My Objective is to modify the parsing capability of Winlogbeat like Elastic do in every release.

Okay so you would like to contribute to our code base. Thats great, thank you..
So first of all you should familiarize yourself with the beats contribution guide.

@ruflin Could you guide him where to start?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.