i am seeing Computer when XML and ComputerName when Not XML field in my logs in the windows index, It matches the props.conf. but it would not create a host_fqdn as I do not see that field on my threathunting index. This cause my overview dashboard to not work. If I delete the host_fqdn = 'none", i get a hit.
i am seeing Computer when XML and ComputerName when Not XML field in my logs in the windows index, It matches the props.conf. but it would not create a host_fqdn as I do not see that field on my threathunting index. This cause my overview dashboard to not work. If I delete the host_fqdn = 'none", i get a hit.