使用winlogbeats将消息从windows主机转发到kafka群集。在主机上安装winlog beats代理并尝试将安全日志转发到kafka代理。但我看到事件中缺少消息字段。winlogbeat配置：

# ======================= Winlogbeat specific options ==========================

winlogbeat.event_logs:
- name: Security
ignore_older: 72h
forwarded: true
fields:
  log_topic: TEST
  extra_id: testId
fields_under_root: true

# ------------------------------- Kafka output ----------------------------------

output.kafka:

# Boolean flag to enable or disable the output module.

 enabled: true

# The list of Kafka broker addresses from where to fetch the cluster metadata.

# The cluster metadata contain the actual Kafka brokers events are published

# to.

output.kafka.hosts: ["localhost:9092","localhost:9093"]
output.kafka.topic: '%{[log_topic]}'

我能够运行winlogbeat并看到流量流向kafka，但问题是下面编辑的输出记录中缺少消息字段。

"record_number": "20092012",
  "event_data": {
    "TargetLogonId": "00000000",
    "LogonType": "3",
    "TargetUserName": "USER1",
    "TargetDomainName": "DOMAIN",
    "TargetUserSid": "1-1-1-1-1"

我期待着看到像下面这样的winlogbeat发送的东西

* message: An account was logged off.

Subject:
    Security ID:        S-000000000000000000000
    Account Name:       000000
    Account Domain:     DOmain
    Logon ID:       0x1234
Logon Type:         7
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.*

winlogbeat.yml配置文件中是否缺少任何内容？