12 Comments
Cesare
4 years ago

Hello Pablo,
very nice work, I’ll try to take some of your suggestions.
I was testing your config and I just want to advise you that you forgot a “}” to close the else if:
else if [event_data][LogonType] == "9" {
  mutate {
    add_field => { "Method" => "NewCredentials" }
  }

Thanks again,
Cesare

Francesco Ferrari
4 years ago

Pablo, would you mind sharing your config files? I've tried to make it work but am far from it.

Thanks for your attention.

Franthesco Ferrari
4 years ago
Reply to  Pablo Delgado

Hi Pablo, I finally got it to work 🙂
Would you mind sharing your dashboard files?!
Thanks

Atif M Baig
3 years ago

Can you please share the config files?

Atif M Baig
3 years ago
Reply to  Pablo Delgado

I am running the entire ELK stack on one Ubuntu server. I am looking for Logstash files and Elasticsearch, filebeat.yml files.

Brajesh
2 years ago

Hey, this is a beautiful article. I am just getting started with ELK. I am trying out 7.8 right now. So by default in the /etc/logstash/conf.d folder I have one logstash.conf file with no filter.

Should I create another conf file with the input, filter, and output sections, with the input section pointing to 5044, the default Logstash port?
