Hi, i'm new in ELK and I'm planning to add several hosts to my SIEM. I have several hosts distributed in several company locations and I want to be able to analyze each location separately.
I tried to add tags to the agent but it doesn't allow me to filter the hosts or the events.
Somebody can give me some pointers to add tags to the hosts and their events to help me to analiza each location?
Or there are another way (no tags) to group my hosts?
Thanks in advance!
If you're using beats, you can add fields:
fields:
location: not-kansas
Thanks for your answer! I'm using the elastic Agent. I going to try to add labels.
Thank you!
It looks that the Elastic Agent don't support label configuration. Only tags. However I don't see how to attach the tags to the events generated for the agent.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.