fitlering eventlog with GELF_TCP - no information. no errors in log
Hello folks, since weeks i am trying to get filtered informations from a domain controller but i dont get the right informations. If i choose the EVENT IDs i want to get, there comes no input on the graylog side but if i select * from Application, Security or System., all the messages are coming. but i dont want that. i only want add,modify,delete account for example. How do i have to do that? Here is one of my spectacular config files with filters:
https://pastebin.com/cptCmt9e
and thats the simple working one
https://pastebin.com/aXt5waFT