[Winlogbeat] Enhance Module documentation with Logstash config example

elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash

https://www.elastic.co/products/beats

Other

109 stars 4.93k forks source link

[Winlogbeat] Enhance Module documentation with Logstash config example #36037

Open andrewkroh opened 1 year ago

andrewkroh commented 1 year ago

The documentation for Winlogbeat modules should show an example of how to configure Logstash to route data to the "routing" pipeline. I have seen a number of questions relating to this.

https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-modules.html

https://discuss.elastic.co/t/winlogbeat-logs-sent-through-logstash-arent-parsed-correctly/338076

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

legoguy1000 commented 1 year ago

Another option, could the @metadata.pipeline field be populated by Winlogbeat like it is for all the Filebeat modules so the original logic works?

elasticmachine commented 9 months ago

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)