I have a minor problem.
According to the documentation, the logs from the Threat Intel module in Filebeat can reside in a dedicated logs-ti* index.
Quick link to the page: Enable threat intelligence integrations | Elastic Security Solution [8.3] | Elastic
I see that by default in Elastic 8.x, all data from Filebeat is in the .ds-filebeat-* index.
Is there a very simple way to have the logs from the Threat Intel module written to another dedicated index (e.g. logs-ti*)?
This can be implemented, for example, with Logstash, which in the pipeline appropriately directs the data to the selected indexes.
However, is there any option here for simpler log splitting (based only on Filebeat and Elasticsearch)?
Is there no quick and ready support for this problem?
Thanks a lot for your help!