Are you using winlogbeats as a log shipper on your windows machines? That extracts a lot of information before sending to the beats input… It’s not clear about how you are working with the message, are you suing extractors, are you working in the pipeline? Here are some tips on how to make your question clearer here and here.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Parsing Account Name field | 2 | 536 | July 19, 2022 | |
| Please help me parse this message | 4 | 2402 | February 16, 2021 | |
| GROK Extractor: how to match exact text and assign it to a field at the same time? | 3 | 910 | September 24, 2019 | |
| I need some GROK Assistance | 2 | 308 | October 28, 2021 | |
| Deleting event logs before Elasticsearch | 4 | 1174 | April 29, 2019 |