"Endpoint and Cloud Security" integration for Elastic Agent mentions in the documentation (for Elastic 8.4.1) that
...The log type of documents are stored in the logs-endpoint.* indices. ...
However, this is not entirely true. The following data streams were created when using the "Endpoint and Cloud Security" integration:
Which results in:
- Inconsistency across the data stream naming pattern.
- Inconsistency with the integration documentation.
- Problems when ingesting all events from Elastic Agent with Logstash and following Elastic's documentation for using a dedicated