Filters
The following filters are provided.
| Filter | Description |
|---|---|
| grok | Similar to the logstash grok filter |
| date | Format of the "Data" binary field. |
| mutate | Behavior when event messages or event category names cannot be resolved. |

Example Input:

```json
{
  "TimberWinR": {
    "Inputs": {
      "WindowsEvents": [
        {
          "source": "System,Application",
          "binaryFormat": "PRINT",
          "resolveSIDS": true
        }
      ]
    }
  }
}
```