Fresh ElasticStack 7.10 deployment on Azure. Elastic Agents have been deployed. The indices for packetbeat-* and auditbeat-* are not found. Date range expanded to a YEAR.
Here are the installed Integrations.
Neither auditbeat or packetbeat appear in the Datastream.
Thanks in advance for the assist. What have I overlooked?
Also, seeing Detections and Host Events.
The endpoints are a combo of on-premise and cloud assets. However, no Network Events are present.
Hi @Vigilox welcome to the community.
It looks like you are using the new Elastic Agent and Ingest Manager / Fleet.
This was newly released in 7.9, and is still in beta in 7.10.x
Not all the current beats integrations / functionality are supported yet, which include packetbeat and auditbeat functionality. Over time more will be added.
"Integrations for popular services and platforms: 7.9 has support for ~40 integrations, with plans to port all 100+ Beats modules over in the next few releases. Integrations ship with prepackaged content like dashboards and a data transformation pipeline that let you go from data to insight in literally minutes."
Thank you for the warm welcome and the reply.
I previously reviewed the link you provided. However, in my excitement, I overlooked the "Elastic Agent (beta) [currently] supports logs, metrics, and endpoint security data" part.
Apologies. I got ahead of things.
All good. We'll keep watching for additional integrations e.g. auditbeat, packetbeat in upcoming releases.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
