I have a query with regard to raw documents. For example, if we send syslogs, NetFlow data, firewall logs and Windows event logs, we can either send them via Logstash or directly to Elasticsearch. If we send them through Logstash, it parses the data and sends it to Elasticsearch. So all the documents are stored in JSON format in Elasticsearch.
For example, if there are any security audits and the auditors want to see the raw data, is it possible to retrieve the raw documents, or can only the JSON documents be retrieved?
If it's possible, how?
If not, what are the other possible ways to achieve it?
I'm not sure if my question is right or wrong.
Please do let me know if anyone knows.