Apologies... it seems I had enabled the processor for Forwarded events that Winlogbeat ships with and this was munging up the output. No issue here...
Describe the problem
I am using WEF to get logs to HELK... the dashboards don't populate some of the charts, specifically those that reference a ".keyword" field (e.g. "Could not locate that index-pattern-field (id: process_parent_name.keyword)").
Is HELK supposed to accommodate forwarded event logs in the various pipelines and have the dashboards populate?
Thanks,