Index Alias in Elastic Security (Network Map) [7.9.2]

RdrgPorto · April 29, 2021, 9:10am

Hi, everyone

I have a SonicWall index (firewall device) that has the index alias Elastic Security.

In Kibana --> Advanced Settings --> Elasticsearch indices -> securitySolution:defaultIndex

However, it does not work properly in Network, it does not show GeoIP information:

If I set indivual index-pattern instead of alias in securitySolution:defaultIndex , it works.

It seems Network map dashboard ignores the index alias (in this case elastic-security).

I would like to use an index alias for Elastic Security because I have many index and I think it would be more agile.

Thanks in advance,

Rodrigo

legoguy1000 · April 30, 2021, 12:14am

an alias is just a shortcut, for that config item it needs a specific index name or use the wildcard pattern. Look at how the default index patterns are for that setting.

RdrgPorto · April 30, 2021, 8:01am

Hi @legoguy1000

Thanks . However, it is a pity, from my point of view, it would be a nice feature can use an alias.

Regards

legoguy1000 · April 30, 2021, 11:16am

No problem. Depending on your index names u should just be able to do elastic-security-* and be good.

system · May 28, 2021, 11:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.