I'm Having an issue I've just deployed the Custom decoders and rules they being triggered but data is not indexed to elastic default alerts are indexed but not for custom rules
Hi @Danish_Ibrar! Can you provide some more details as to the rule type that you are using and what you mean by elastic default alerts? Do you mean the .alerts-* indices?
yes I'm actually writing custom decoders for wazuh but filebeat is unable to index data to Elasticsearch. After I restart all the services the latest log I see for filebeat is "Attempting to connect to elasticsearch"
decoders are working fine
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.