Fresh ElasticStack 7.10 deployment on Azure. Elastic Agents have been deployed. The indices for packetbeat-* and auditbeat-* are not found. Date range expanded to a YEAR.
Here are the installed Integrations.
Neither auditbeat or packetbeat appear in the Datastream.
Thanks in advance for the assist. What have I overlooked?
Also, seeing Detections and Host Events.
The endpoints are a combo of on-premise and cloud assets. However, no Network Events are present.
Hi @Vigilox welcome to the community.
It looks like you are using the new Elastic Agent and Ingest Manager / Fleet.
This was newly released in 7.9, and is still in beta in 7.10.x
Not all the current beats integrations / functionality are supported yet, which include packetbeat and auditbeat functionality. Over time more will be added.
"Integrations for popular services and platforms: 7.9 has support for ~40 integrations, with plans to port all 100+ Beats modules over in the next few releases. Integrations ship with prepackaged content like dashboards and a data transformation pipeline that let you go from data to insight in literally minutes."
Thank you for the warm welcome and the reply.
I previously reviewed the link you provided. However, in my excitement, I overlooked the "Elastic Agent (beta) [currently] supports logs, metrics, and endpoint security data" part.
Apologies. I got ahead of things.
All good. We'll keep watching for additional integrations e.g. auditbeat, packetbeat in upcoming releases.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
