I have 10 servers, with 10 indexes. I need to create similar dashboards for all the indexes. Creating them one by one manually is a pain.
Is there any automated way to do it?
Do you have an index per server? Why?
We are sending syslogs and application logs, just to identify logs per machine.
I know it's a bad design. Can you please help us design this effectively?
10 Machines:
- Syslogs
- auditlogs
- antivirus logs
Need to create dashboards appropriately to figure out:
1. Commands run by root on individual machines
2. Commands run by users on individual machines
3. Success/fail logins on all machines, etc.
Instead of storing data in different indices per machine, add a field indicating the source during the processing. If you can control the mapping and ensure there are no conflicts, you can store all three types of logs in the same index. Once you have it in the same index, you can create a single dashboard that shows data for all machines while still being able to filter data from a specific machine when required.
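
The design from the answer above, as an added example that is not part of the original thread: each event is tagged with its machine and log type during processing, everything goes to one index, and the three dashboard questions become filters on those fields. The index name `logs-all`, the field names `host` and `log_type`, the nesting of type-specific fields, and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter

INDEX = "logs-all"  # hypothetical name for the single shared index

# Constructed sample events: (machine, log type, parsed fields).
RAW = [
    ("srv01", "auditlog", {"user": "root", "command": "systemctl restart sshd"}),
    ("srv01", "auditlog", {"user": "alice", "command": "ls /var/log"}),
    ("srv02", "auditlog", {"user": "root", "command": "useradd bob"}),
    ("srv01", "syslog", {"program": "sshd", "user": "alice", "outcome": "success"}),
    ("srv02", "syslog", {"program": "sshd", "user": "bob", "outcome": "failure"}),
    ("srv02", "syslog", {"program": "sshd", "user": "bob", "outcome": "failure"}),
    ("srv02", "antivirus", {"outcome": 0, "file": "/tmp/sample.bin"}),
]

def enrich(host, log_type, fields):
    """Tag the event with its source at processing time.

    Type-specific fields are nested under the log type so that, for example,
    the string syslog 'outcome' and the numeric antivirus 'outcome' become
    different field paths and cannot conflict in the mapping.
    """
    return {"_index": INDEX, "host": host, "log_type": log_type, log_type: fields}

def select(docs, log_type, host=None):
    """Dashboard filter: one log type, optionally narrowed to one machine."""
    return [d for d in docs if d["log_type"] == log_type and host in (None, d["host"])]

def commands_per_host(docs, root, host=None):
    """Count commands per machine, run by root (root=True) or by other users."""
    hits = select(docs, "auditlog", host)
    return Counter(d["host"] for d in hits if (d["auditlog"]["user"] == "root") == root)

def logins_per_host(docs, host=None):
    """Count (machine, outcome) pairs for login events."""
    hits = select(docs, "syslog", host)
    return Counter((d["host"], d["syslog"]["outcome"]) for d in hits if "outcome" in d["syslog"])

DOCS = [enrich(*event) for event in RAW]

if __name__ == "__main__":
    print(commands_per_host(DOCS, root=True))                 # all machines
    print(commands_per_host(DOCS, root=False, host="srv01"))  # one machine
    print(logins_per_host(DOCS))
```

Adding an eleventh machine only adds a new value of `host`; the same three functions, like a single dashboard with a host filter, cover it without any new index.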