Ok so are you using the suricata filebeat module?
If so there are certain steps / configuration you need for your architecture... Look at this post by me...
It's for nginx logs but same principles apply.. look at these 2 posts