logsources:
  sysmon:
    product: windows
    service: sysmon
    index: logstash-windows-*
    conditions:
      EventLog: Microsoft-Windows-Sysmon