I want to know how I can put the full log from the event in an aggregation, because the full log is not a field. I know how I can put, for example, the agent.name, but for the full log, I don't know.
1 Answer
Amy.
Thanks for using Wazuh.
The full log is added as part of the aggregated information, and can be used as part of a filter if you go into an agent's events and add it as a filter. It will allow you to select the specific instance of the full log you want.
In the picture above, you can see a picture of the dashboard where I am selecting the full log as a filter.
I hope this clears up your question. Cheers,

Andres Micalizzi