- Winlogbeat Reference: other versions:
- Winlogbeat Overview
- Quick start: installation and configuration
- Set up and run
- Upgrade
- Configure
- Winlogbeat
- General settings
- Project paths
- Output
- Kerberos
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Kibana endpoint
- Kibana dashboards
- Processors
- Define processors
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- rate_limit
- registered_domain
- rename
- script
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Internal queue
- Logging
- HTTP endpoint
- Instrumentation
- winlogbeat.reference.yml
- How to guides
- Modules
- Exported fields
- Monitor
- Secure
- Troubleshoot
- Get Help
- Debug
- Common problems
- Dashboard in Kibana is breaking up data fields incorrectly
- Bogus computer_name fields are reported in some events
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- Publishing to Logstash fails with "connection reset by peer" message
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
- Dashboard could not locate the index-pattern
- Not sure how to read from .evtx files
- Contribute to Beats
Legacy Winlogbeat alias fields
editLegacy Winlogbeat alias fields
editField aliases based on Winlogbeat 6.x that point to the fields for this version of Winlogbeat. These are added to the index template when migration.6_to_7.enable: true is set in the configuration.
-
type -
type: alias
alias to: winlog.api
-
activity_id -
type: alias
alias to: winlog.activity_id
-
computer_name -
type: alias
alias to: winlog.computer_name
-
event_id -
type: alias
alias to: winlog.event_id
-
keywords -
type: alias
alias to: winlog.keywords
-
log_name -
type: alias
alias to: winlog.channel
-
message_error -
type: alias
alias to: error.message
-
record_number -
type: alias
alias to: winlog.record_id
-
related_activity_id -
type: alias
alias to: winlog.related_activity_id
-
opcode -
type: alias
alias to: winlog.opcode
-
provider_guid -
type: alias
alias to: winlog.provider_guid
-
process_id -
type: alias
alias to: winlog.process.pid
-
source_name -
type: alias
alias to: winlog.provider_name
-
task -
type: alias
alias to: winlog.task
-
thread_id -
type: alias
alias to: winlog.process.thread.id
-
user.identifier -
type: alias
alias to: winlog.user.identifier
-
user.type -
type: alias
alias to: winlog.user.type
-
version -
type: alias
alias to: winlog.version
-
xml -
type: alias
alias to: event.original