Load JSON data from Elasticsearch

[jkhalouian]

Is it possible to pull Event Log data in the form of JSON payload from elastic.

For example, I have an index that stores event IDs with the field names "System.EventID.Value" and "EventData.LogonType".

Could I possibly modify any of the variables in the script to search for these fields and pull the values?

Thanks!

[shu-tom]

LogonTracer only supports loading data imported from Winlogbeat into Elasticsearch.