10
Leave a Reply

avatar
2 Comment threads
8 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
5 Comment authors
Atif M BaigFranthesco FerrariFrancesco FerrariPablo DelgadoCesare Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Cesare
Guest
Cesare

Hello Pablo,
very nice works, I’ll try to take some of your suggestions.
I was testing your config and I just want to advise you that you forgot a “}” to close the else if:
else if [event_data][LogonType] == “9” {
mutate {
add_field => { “Method” => “NewCredentials” }
}

thanks again,
Cesare

Francesco Ferrari
Guest
Francesco Ferrari

Pablo, you would mind to share your config files? I´ve tried to make it work but far from it.

Thanks for your attention.