I work in a semi-large environment running filebeat and auditbeat on most of my hosts, 1536 hosts to be exact. Today is one of those rare days where 1 host is missing or not reporting in and was wondering how others deal with this issue.
I created a new data table showing only the unique host names from both indexes but because not all hosts have something to report in, auditbeat is only showing a fraction of the hosts its running on.
I can look at instances and filter for each type of beat, but at 20 rows per page, that's a lot of clicking.
Is there an easier way of figuring this out? I suspect that one might be hung but how to find it...?
Filebeat
1535
Auditbeat
1536