Windows OS event format generated by logstash
The basic format of the Windows Event Log generated by logstash is described here as a reference for users.
The Windows OS Events Insight pack has been built using the IBM® Operations Analytics - Log Analysis DSV toolkit. Events are formatted by logstash into a csv format with the following columns.
| Number | Column Name | Description |
|---|---|---|
| 1 | EventLog | Describes the subsystem of event, for example Application or Security |
| 2 | Timetsamp | Time of event |
| 3 | Level | Information, Warning, Error etc |
| 4 | User | If a user name is associated with the event |
| 5 | EventSource | Source of event |
| 6 | EventID | Event ID |
| 7 | Description | Text description of event |
| 8 | Hostname | Hostname of the Windows machine |
| 9 | EventRecordNumber | Unique event ID |
| 10 | Category | Numeric category |