in the kibana dashboard, winlogbeat records the sysmon event and send it to elasticsearch and henceforth to kibana. there are 3 field name on time basis and i am not able to understand the difference between them namely event_data.PreviousCreationUtcTime, event_data.UtcTime and event_data.CreationUtcTime.in the below link, it's kibana visualization
