I am having a problem with Winlogbeat not sending or not properly parsing all the Sysmon event.code fields. I have been testing being able to see event code: 1 for process creations like "whoami.exe", but when I started to look I did not see any event code=1 being sent. I can look in the Event Viewer and see them listed, but for some reason I do not see them in Kibana. I am not dropping any event codes on any server, but on some workstations I am dropping event.code: 2 AND 3....
Any ideas on why that is?
Event Log:
Detailed Event Log:
Graph in Kibana: (7 days)