Hello,
Does elasticsearch support output streams similar to Graylog as shown here?
http://docs.graylog.org/en/3.0/pages/streams.html
The use case is forwarding specific events to a commercial SIEM solution. Happy for suggestions how to achieve this.
Thanks in advance,
Kyle
I moved your question to #logstash as elasticsearch does not push any data to any external system unless you are using alerting feature (commercial license) which can call an http endpoint.
Brilliant, thank you. I think thats answered my question with a simple "no" 
Still interested to hear people opinion using logstash to push to SIEM.
Thanks,
Kyle
The streams you describe seem to map quite closely to the type of logic you would implement in Logstash. Logstash has a variety of outputs that you can use to push data to SIEMs.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.