Hi there!
Here is my question. I have Filebeat sending Suricata logs directly to Elasticsearch (via Suricata module).
My Suricata log files are divided by type of event (eve-alerts, eve-dns, eve-events). In Kibana, a single index is configured that receives all the messages. Is there any way to use the Suricata module and separate the logs into multiple indexes, such as "Filebeat-alerts" and "Filebeat-events"?
Grateful for any help.