Hi, I know I filebeat in my security onion so-status. I am using windows 10. The events get into my kibana, even when i so-elastic-clear and so-nsm-clear. How can I clear filebeat so kibana is completely empty?
thanks for any help, adive or suggestions
Depends what version you are on, but you can do something like DELETE filebeat* in Kibana's Console (or convert that to curl).
I am not sure how security onion does things though sorry.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.