We have already installed auditbeat and metricbeat agents (version 7.10.2) on our RHEL / Linux servers and we want to track the "commands" that the user had executed on the server through Kibana dashboards. We do not have logstash and we are shipping the logs directly from the servers to the elasticsearch nodes and then to Kibana.
Can someone help us on this?
Both Elasticsearch and Kibana have modules on metricbeat to monitor them:
And the same applies to filebeat:
Everything is also available as integrations through Elastic agent:
Apart from that, depending on your suscription you can also enable audit logging for the stack and more concretely, you can audit search queries.
Hope it helps!
FYI 7.10 is EOL and no linger supported, please upgrade