I would like to know if anybody has used ELK to centralise device logs (Windows, Linux, firewall, etc.) before forwarding them on to a SIEM? I have a requirement to have a central log storage at each of my geographical locations - ELK seems perfect for this. However, I then need to have the same log data forwarded to my SIEM for correlation, alerting, etc.
I would be interested to hear if this can be done natively with the elastic stack. Thanks in advance.
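The fan-out the question describes can be done in Logstash, because a single pipeline may declare several outputs and every event is sent to each of them. The following pipeline is an added example (not code from the poster or from Elastic): it takes Beats from Windows/Linux hosts and syslog from firewalls, keeps a local copy in the site's Elasticsearch, and sends the same events to the SIEM as RFC 5424 syslog over TLS. The host names, ports, certificate paths, site label and index name are assumptions.

```conf
# Logstash pipeline: local retention at the site + forwarding to the SIEM.
# All host names, ports, paths and labels are assumed values; adjust per site.

input {
  # Winlogbeat / Filebeat / Auditbeat shipped from Windows and Linux hosts
  beats {
    port => 5044
    ssl  => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"   # assumed path
    ssl_key         => "/etc/logstash/certs/logstash.key"   # assumed path
  }
  # Firewalls and appliances that can only emit syslog
  syslog {
    port => 5514
  }
}

filter {
  # Tag the originating site so both the local index and the SIEM
  # can separate locations during correlation
  mutate {
    add_field => { "[site][name]" => "site-a" }   # assumed site label
  }
}

output {
  # 1. Local copy kept at this geographical location
  elasticsearch {
    hosts    => ["https://es-site-a.example.internal:9200"]  # assumed host
    index    => "logs-site-a-%{+YYYY.MM.dd}"                 # assumed index
    user     => "${ES_USER}"       # resolved from the Logstash keystore / env
    password => "${ES_PASSWORD}"
    ssl      => true
    cacert   => "/etc/logstash/certs/ca.crt"                 # assumed path
  }

  # 2. The same events forwarded to the SIEM collector
  syslog {
    host       => "siem-collector.example.internal"          # assumed host
    port       => 6514
    protocol   => "ssl-tcp"
    ssl_cacert => "/etc/logstash/certs/ca.crt"               # assumed path
    rfc        => "rfc5424"
    appname    => "logstash"
    sourcehost => "%{[host][name]}"
    message    => "%{message}"
  }
}
```

Two practical points. Beats themselves only allow one output at a time, so the duplication has to happen in Logstash (or on the SIEM side). And because Logstash applies back pressure, a SIEM collector that stops accepting connections will stall the whole pipeline, including the local Elasticsearch writes; enabling the persistent queue (`queue.type: persisted` in logstash.yml) buffers events on disk in the meantime, and running the two outputs in separate pipelines via pipeline-to-pipeline isolates them from each other. If the SIEM ingests JSON rather than syslog, replace the `syslog` output with a `tcp` output using `codec => json_lines` so the structured fields are not flattened into a single message line.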