i use elasticsearch for wazuh and I need to send data from my local elasticsearch to another elasticseatch.
I want to send only the data that have the level field of a given threshold.
how i do it?
Thanks,
Hama
There's a few options;
- Use Alerting to run a query to match the threshold and then use the webhook to send to the other cluster
- Use Logstash to do something similar
- Use remote reindexing to do the same
can you give me details on how each step?
There is documentation that explains how to do?
Thanks.
I'm happy to point you to the relevant documentation.
For the first option;
https://github.com/elastic/examples/tree/master/Alerting/Sample%20Watches/monitoring_free_disk_space as an idea for the threshold, then the webhook - https://www.elastic.co/guide/en/elastic-stack-overview/6.5/actions-webhook.html
For the second;
Input from Elasticsearch https://www.elastic.co/guide/en/logstash/current/plugins-inputs-elasticsearch.html and then output https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
For the last one;
https://www.elastic.co/guide/en/elasticsearch/reference/6.5/docs-reindex.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.