Skip to content

Commit

Permalink
x-pack/winlogbeat/module/routing: set host.os.type and host.os.family…
Browse files Browse the repository at this point in the history
… in forwarded events (#35435)
efd6 authored May 18, 2023
1 parent d28d8dd commit 3528edd
Showing 2 changed files with 11 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
@@ -326,6 +326,8 @@ automatic splitting at root level, if root level element is an array. {pull}3415

*Winlogbeat*

- Set `host.os.type` and `host.os.family` to "windows" if not already set. {pull}35435[35435]


*Elastic Log Driver*
*Elastic Logging Plugin*
9 changes: 9 additions & 0 deletions x-pack/winlogbeat/module/routing/ingest/routing.yml
Original file line number Diff line number Diff line change
@@ -16,6 +16,15 @@ processors:
- pipeline:
name: '{< IngestPipeline "powershell_operational" >}'
if: ctx?.winlog?.channel == 'Microsoft-Windows-PowerShell/Operational'
- set:
field: host.os.type
value: windows
override: false
- set:
field: host.os.family
value: windows
override: false

on_failure:
- set:
field: error.message

0 comments on commit 3528edd

Please sign in to comment.