philhagen
commented
8 months ago this should be all set in 08e4f3540cf79c131230646ff0d43a63a2bf7233. I tested enough data types to feel confident that the conversion will cover all of our use cases, but will keep this issue open until it's released with a new VM. (Too touchy to release to existing VMs, as it could result in data loss and/or duplication.)
to test this now, use a FRESH vm with no evidence loaded, then update per the wiki instructions on develop
currently inputs use
- type: log. we should be using- type: filestreamsee https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-filestream.html