Hey! I am using Logstash with Suricata and Kibana. I changed the Suricata gid numbers, which, according to the docs, have no technical implications. However, it changed the way I see all of my alerts in Kibana. I'm going over the default files in etc/logstash/conf.d and I'm having a hard time figuring out where and how changing the gid number would ruin the parsing of my data. Does anyone have any experience with this?
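An added illustration of the mechanism the question is asking about (example code written for this page, not from the original post, the Suricata project, or the Logstash distribution): the one place a gid can matter to a pipeline is where the parser or a conditional has the default gid of 1 baked in. The script below mimics that in plain Python rather than Logstash's grok/conditional syntax. It parses constructed fast.log lines with two regexes, one that hard-codes `[1:sid:rev]` the way a copied grok pattern might, and one that captures gid as its own field, and it applies a gid-pinned filter to constructed EVE JSON records. Whether the poster's conf.d files actually contain such a pattern is an assumption; the sample lines, the rule message `LOCAL TEST alert` and sid 1000001 are all constructed. The `_grokparsefailure` tag is what Logstash's grok filter really adds when no pattern matches, and `alert.gid`, `alert.signature_id`, `alert.rev` and `alert.signature` are real EVE JSON field names.

```python
import re

# Constructed sample fast.log lines (not from the original post). The same rule is
# emitted once with Suricata's default gid 1 and once after the gid was changed to 2.
FAST_LOG_LINES = [
    "04/10/2023-12:34:56.789012  [**] [1:1000001:3] LOCAL TEST alert [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51234",
    "04/10/2023-12:34:57.123456  [**] [2:1000001:3] LOCAL TEST alert [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51235",
]

# Brittle pattern (assumed, illustrative): the literal "1:" hard-codes the default gid
# inside the [gid:sid:rev] triple, so any other gid simply never matches.
BRITTLE_RE = re.compile(
    r"\[\*\*\] \[1:(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\]"
)

# Robust pattern: gid is captured as a field of its own, so changing it only changes a value.
ROBUST_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\]"
)

INT_FIELDS = ("gid", "sid", "rev")


def parse_fast_line(line, pattern):
    """Parse one fast.log line with the given regex.

    Returns the extracted fields as a dict, or a dict carrying only a
    _grokparsefailure marker when nothing matches (what Logstash's grok filter
    tags an event with when none of its patterns apply).
    """
    m = pattern.search(line)
    if m is None:
        return {"_grokparsefailure": True}
    fields = m.groupdict()
    return {k: (int(v) if k in INT_FIELDS else v) for k, v in fields.items()}


def parse_all(lines, pattern):
    """Parse every line; the caller can count how many fell through as failures."""
    return [parse_fast_line(line, pattern) for line in lines]


def count_failures(parsed):
    return sum(1 for p in parsed if p.get("_grokparsefailure"))


# Constructed EVE JSON alert records (the structure Suricata writes to eve.json).
EVE_RECORDS = [
    {"event_type": "alert",
     "alert": {"gid": 1, "signature_id": 1000001, "rev": 3, "signature": "LOCAL TEST alert"}},
    {"event_type": "alert",
     "alert": {"gid": 2, "signature_id": 1000001, "rev": 3, "signature": "LOCAL TEST alert"}},
]


def keep_if_gid_pinned(records, pinned_gid=1):
    """Mimic a pipeline conditional that pins the default gid, e.g. a Logstash
    branch of the form `if [alert][gid] == 1 { ... }` (assumed, illustrative).
    Records with any other gid skip that branch and are dropped here."""
    return [r for r in records if r["alert"]["gid"] == pinned_gid]


def keep_all_alerts(records):
    """Gid-agnostic equivalent: select on event_type only and keep gid as data."""
    return [r for r in records if r["event_type"] == "alert"]


if __name__ == "__main__":
    for name, pattern in (("brittle", BRITTLE_RE), ("robust", ROBUST_RE)):
        parsed = parse_all(FAST_LOG_LINES, pattern)
        print(f"{name}: {count_failures(parsed)} of {len(parsed)} lines failed to parse")
        for p in parsed:
            print("   ", p)
    print("gid-pinned filter kept", len(keep_if_gid_pinned(EVE_RECORDS)), "of", len(EVE_RECORDS))
    print("gid-agnostic filter kept", len(keep_all_alerts(EVE_RECORDS)), "of", len(EVE_RECORDS))
```

Running it shows the brittle pattern parsing the gid 1 line and tagging the gid 2 line as a parse failure (an event with no sid, rev or message fields, which is exactly the kind of alert that looks wrong in Kibana), while the robust pattern parses both and just reports gid 2. The same thing happens with the gid-pinned conditional on EVE records. The practical check for the poster is to grep the conf.d files for a literal `1:` inside a grok pattern or for `[alert][gid]` in any `if` condition.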