Can someone point me in the direction of some working documentation, with examples on using snippets to bend winlogbeat to my needs?
I’ve tried a couple of things that I found around, but none seem to work, always throwing errors and preventing winlogbeat from starting.
When I tried
-name: Security event_id: 4624, 4688, 4673
it didn't seem too happy with it (did not find expected key).
When I tried the same as a YAML fragment, it said "could not find expected ':'".
I've since come to understand my issues are because I set the Beats output to localhost and not the Graylog server (rookie mistake).
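For anyone landing on this thread with the same two problems (the "did not find expected key" parse error and the output pointing at localhost), here is a minimal, well-formed winlogbeat.yml that filters the Security log to a handful of event IDs and ships to a Graylog Beats input. This is an added example written for this thread, not configuration from the original poster or from the Winlogbeat or Graylog projects; the hostname and port are placeholders, and the specific event IDs are the ones named in the question. The parse errors above come from YAML structure, not from Winlogbeat: each log entry under `winlogbeat.event_logs` must be a list item (`- name:` with a space after the dash), and `event_id` must be a key on its own line, indented under that item.

```yaml
# winlogbeat.yml (added example; assumes a Graylog Beats input is listening
# on port 5044 at the placeholder host below)

winlogbeat.event_logs:
  # One list item per Windows event log. The dash, a space, then the key.
  - name: Security
    # Comma-separated list of event IDs to keep; everything else is dropped
    # before it leaves the host. A leading minus excludes an ID instead.
    # 4624 = successful logon, 4688 = process creation, 4673 = privileged
    # service called.
    event_id: 4624, 4688, 4673
    # Do not backfill events older than this on first start.
    ignore_older: 72h

  - name: System
  - name: Application

# Graylog consumes Beats traffic through its "Beats" input, which speaks the
# same Lumberjack protocol as Logstash, so the logstash output is used here.
# Point this at the Graylog server, not at localhost on the Windows host.
output.logstash:
  hosts: ["graylog.example.internal:5044"]   # placeholder host

logging.level: info
```

Before restarting the service, it is worth validating the file and the connection from an elevated PowerShell prompt in the Winlogbeat directory with `.\winlogbeat.exe test config -c .\winlogbeat.yml -e` and `.\winlogbeat.exe test output -c .\winlogbeat.yml -e`; the first catches exactly the kind of YAML structure error described above, and the second confirms the Beats input on the Graylog side is reachable, so a localhost-instead-of-server mistake shows up before any events are lost.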