[winlogbeat] event.type has colon in its name at the end #13676
Labels
Comments
FrankHassanabad
changed the title
adriansr
added a commit
to adriansr/beats
that referenced
this issue
Sep 13, 2019
The sysmon module in Winlogbeat was creating the field `event.type:` with a colon at the end. Fixes elastic#13676
adriansr
added a commit
that referenced
this issue
Sep 13, 2019
The sysmon module in Winlogbeat was creating the field `event.type:` with a colon at the end. Fixes #13676
adriansr
added a commit
to adriansr/beats
that referenced
this issue
Sep 14, 2019
The sysmon module in Winlogbeat was creating the field `event.type:` with a colon at the end. Fixes elastic#13676 (cherry picked from commit 71eee76)
andrewkroh
pushed a commit
that referenced
this issue
Sep 16, 2019
leweafan
pushed a commit
to leweafan/beats
that referenced
this issue
Apr 28, 2023
…tic#13684) The sysmon module in Winlogbeat was creating the field `event.type:` with a colon at the end. Fixes elastic#13676 (cherry picked from commit a0b55ab)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In:
https://github.com/elastic/beats/blob/7.4/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L397
and:
https://github.com/elastic/beats/blob/master/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L397
There is an extra colon which causes that
event.typeto show up in KQL and other spots like this:And in the queries you have an
event.typewith a colonFor confirmed bugs, please report:
Version:
7-4-0-BC4
Operating System:
Windows
Steps to Reproduce:
Install winlogbeat and sysmon and run it for a bit.
Workaround is to manually modify the file:
C:\Program Files\Winlogbeat\module\sysmon\config\winlogbeat-sysmon.js
And take away the extra colon.
The text was updated successfully, but these errors were encountered: