1. Describe your incident:
Sidecar’s own Winlogbeat is shipping log with placeholders (modifiers) instead of showing actual data, some of the data is being auto captured into Winlogbeat’s own fields but not all.
On other machines I’m getting the data properly in the message field.
2. Describe your environment:
- OS Information:
Server: Ubuntu 20.04.5
Ciıent Windows 10/11 - Package Version:
Sidecar 1.2.0 - Service logs, configurations, and environment variables:
Wnlogbeat config:
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
hosts: ["10.0.0.91:5044"]
path:
data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
logs: C:\Program Files\Graylog\sidecar\logs
tags:
- firstphase
winlogbeat:
event_logs:
- name: Security
3. What steps have you already taken to try and solve the problem?
Actually I am not sure where to start, I never had this problem before and searching the web yielded no results.
4. How can the community help?
Is this a known phenomena? any way to get the actual data displayed?