Cesare

Hello Pablo,
very nice work, I'll try to take some of your suggestions.
I was testing your config and I just want to advise you that you forgot a "}" to close the else if:

else if [event_data][LogonType] == "9" {
  mutate {
    add_field => { "Method" => "NewCredentials" }
  }

thanks again,
Cesare

Francesco Ferrari

Pablo, would you mind sharing your config files? I've tried to make it work but am far from it.

Thanks for your attention.

Brajesh

Hey, this is a beautiful article. I am just getting started with ELK. I am trying out 7.8 right now. So by default in the /etc/logstash/conf.d folder I have one logstash.conf file with no filter.

Should I create another conf file with the input, filter, and output sections, with the input section pointing to 5044, the default Logstash port?
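The two comments above (the unclosed else-if branch Cesare points out, and Brajesh's question about what a complete file in /etc/logstash/conf.d should contain) can be answered with one pipeline file. The following is an added example written for this page, not Pablo's own config: it assumes Winlogbeat ships Security events to Logstash on port 5044, that Elasticsearch is reachable at localhost:9200, and that the logon type sits at [event_data][LogonType] as in the original post (Winlogbeat 7.x nests these fields under [winlog] instead, so adjust the path to your shipper). The LogonType-to-name mapping is the standard Windows logon type table; the field name Method is taken from the post, and every branch is closed.

```logstash
# Added example (not the original post's config). Drop into
# /etc/logstash/conf.d/winlogbeat.conf; Logstash concatenates every file
# in that directory into one pipeline, so leave the default logstash.conf
# alone only if it does not declare a second beats input on the same port.

input {
  beats {
    port => 5044            # assumption: Winlogbeat output.logstash points here
  }
}

filter {
  # Only events that carry a LogonType (4624, 4625, 4648, ...) reach the mapping;
  # everything else passes through untouched.
  if [event_data][LogonType] {
    # Standard Windows logon type codes. Each branch opens and closes its own
    # braces, which is the defect the first comment above reports.
    if [event_data][LogonType] == "2" {
      mutate { add_field => { "Method" => "Interactive" } }
    } else if [event_data][LogonType] == "3" {
      mutate { add_field => { "Method" => "Network" } }
    } else if [event_data][LogonType] == "4" {
      mutate { add_field => { "Method" => "Batch" } }
    } else if [event_data][LogonType] == "5" {
      mutate { add_field => { "Method" => "Service" } }
    } else if [event_data][LogonType] == "7" {
      mutate { add_field => { "Method" => "Unlock" } }
    } else if [event_data][LogonType] == "8" {
      mutate { add_field => { "Method" => "NetworkCleartext" } }
    } else if [event_data][LogonType] == "9" {
      mutate { add_field => { "Method" => "NewCredentials" } }
    } else if [event_data][LogonType] == "10" {
      mutate { add_field => { "Method" => "RemoteInteractive" } }
    } else if [event_data][LogonType] == "11" {
      mutate { add_field => { "Method" => "CachedInteractive" } }
    } else {
      # Unexpected codes are tagged rather than silently dropped, so that a
      # dashboard can surface them.
      mutate { add_field => { "Method" => "Unknown" } }
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]      # assumption: local single-node ES
    index => "winlogbeat-%{+YYYY.MM.dd}"    # assumption: daily index name
  }
}
```

Before restarting the service, check the syntax of everything in the directory with `sudo /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t` (the `-t` / `--config.test_and_exit` flag parses the pipeline without starting it); a missing brace of the kind described above is reported there as a configuration error instead of surfacing as a crash loop at boot.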