Update winlogbeat templates, add info for adding filters #261
🗣 Description
💭 Motivation and context
1. This change is required because earlier versions of Winlogbeat did the parsing and mapping of logs, and this version no longer does that.
2. LME logs many activities that may not be interesting to the user, so filtering gives them a way to keep those out of the dashboards.
We will now be able to leverage Elastic Common Schema field names.
Closes #155
Closes #57
🧪 Testing
The API tests were run and a change needed to be made to reflect the updated fields.
The dashboards need to be revisited to make sure they read the new fields.
✅ Pre-approval checklist
- The title reflects this in a clear, human-readable format