I've figured out how to parse my firewall logs with Logstash, and they are in ECS format now. I can create a new index and edit some settings to get it to show in Discover.
How do I add the new index pattern to the logs that Elastic Security looks at, or do I need to do something else?
Thanks!
It's in the Kibana advanced settings to add index patterns to the Elastic Security app.
Thanks, that worked!