Hello all! And sorry for my English...
I have tons of security logs in my Elasticsearch. Now I want to store Windows security logs for 2 weeks, and other (app, system) logs for 3-6 months. So I think the easiest way to do that is to have 2 types of winlogbeat indices:
- winlogbeatSEC-2017.01.11 for security logs,
- winlogbeat-2017.01.11 for other Windows logs.
So I can simply and quickly delete the winlogbeatSEC indices with a script.
How can I divide Windows logs by "log_name"?
Thanks a lot!
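One way to do the split described in the post, as an added configuration example that is not part of the original question: the Elasticsearch output in Beats 5.x accepts an `indices` list whose entries carry a `when` condition, and Winlogbeat 5.x exposes the channel as the top-level `log_name` field, so Security events can be routed to their own daily index while everything else falls through to the default `index`. Two assumptions in this example beyond what the post states: the Elasticsearch host is `localhost:9200`, and the security index is named `winlogbeat-sec-...` rather than `winlogbeatSEC-...`, because Elasticsearch index names must be lowercase and keeping the `winlogbeat-` prefix means the default `winlogbeat-*` index template still applies to both index types.

```yaml
# winlogbeat.yml (Winlogbeat 5.x); assumptions: host localhost:9200,
# index prefix winlogbeat-sec for the short-retention Security index.
winlogbeat.event_logs:
  - name: Application
  - name: System
  - name: Security

output.elasticsearch:
  hosts: ["localhost:9200"]

  # Default index for every event that matches no entry in `indices`
  # (Application, System, ...): keep for 3-6 months.
  index: "winlogbeat-%{+yyyy.MM.dd}"

  # Conditional routing: the first matching entry wins. Security
  # events go to their own daily index so they can be deleted after
  # two weeks by matching winlogbeat-sec-* (e.g. with curator or a script).
  indices:
    - index: "winlogbeat-sec-%{+yyyy.MM.dd}"
      when.equals:
        log_name: "Security"
```

A retention job can then delete by prefix, e.g. `winlogbeat-sec-*` older than 14 days and `winlogbeat-20*` older than 90-180 days, without either pattern touching the other's indices. If the `winlogbeatSEC` spelling is kept instead, the index creation will be rejected by Elasticsearch and the events will be dropped from that output, so the name should stay lowercase.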