I've figured out how to parse my firewall logs with Logstash, and they are in ECS format now. I can create a new index and edit some settings to get it to show in Discover.
How do I add the new index pattern to the logs that Elastic Security looks at, or do I need to do something else?
Thanks!
It's in the Kibana advanced settings to add index patterns to the Elastic Security app.
Thanks, that worked!