
Verify fields in parsed logs.

Open llwaterhouse opened this issue 2 years ago • 1 comments

From Adam's comments:

Check if we are loading the Elasticsearch ingest node pipelines from the winlogbeat setup command and that Logstash is configured to use the ingest node pipelines.

Reference this Slack Canvas discussion: https://dhscisa.enterprise.slack.com/docs/T02QH7E1MHA/F067EAFHZT9

llwaterhouse, Nov 20 '23 22:11

This ticket is also referred to as "update Elastic Schema".

llwaterhouse, Dec 11 '23 18:12