Hello,
i am using WinLogBeat 7.1.1 (but it do not work in previous version too) and there is wrong parsed field winlog.event_data.FailureReason
t winlog.computer_name SomeServer1
t winlog.event_data.AuthenticationPackageName Negotiate
? **winlog.event_data.FailureReason %%2313**
t winlog.event_data.IpAddress 127.0.0.1
t winlog.event_data.IpPort 0
t winlog.event_data.KeyLength 0
Can you fix this please? For now I have written my own rule to parse this information.
Thanks
Jan