I installed suricata, and i want using elastic siem
so. i installed filebeat and send to elastic search and kibana
i well. but i want to using logstash.
i try that filebeat send log to logstash and logstash pass to elasticsearch.
i can see suricata log in kibana but elastic siem not display log.
elastic siem only using filebeat????
i want to using logstash or redis between filebeat and elastic siem
Welcome @111387!
The Filebeat Suricata module parses Suricata logs, which are mapped to events modeled by the Elastic Common Schema (ECS). This blog post explains how ECS works, and why it exists.
i want to using logstash or redis between filebeat and elastic siem
It sounds like this might be the documentation you're looking for, if, to quote the linked documentation:
you want to use Logstash to perform additional processing on the data collected by Filebeat
Would you be willing to let us know if that helps?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.