Is Elastic what I need for our solution?

Hey - totally new to Elastic, someone mentioned it may be the solution we need.
I've had a quick look and I'm getting more and more confused by all the options!

Briefly - we have 16 Forcepoint proxies.
They have access logs that record all traffic through each device.
In total they record about 30 million entries per day.
We regularly have to search the access logs for specific entries when there is a problem (between two times, source IP, destination URL, etc.).
As they are load balanced we usually don't know which proxy the traffic has travelled through so we have to log onto each of the 14 proxies and search their logs. Also the search facility on the proxy is pants and very basic.

They have SIEM integration and I've pointed them at a free Kiwi server to test (data MUST stay on site) and this works but generates a few gigs of data every hour and Kiwi is no good for searching.

What do I need to look at in Elastic to gather the access logs from each device into a central location that has decent search capabilities?

Sorry for being totally uneducated on Elastic!