I have a query related to a legal purpose.
I am using Winlogbeat to ship Windows event logs to Elasticsearch. Winlogbeat processes the logs, adds extra fields to them, and stores them as docs in an index.
So, if I have a requirement to submit the RAW logs to a US court for investigation and forensics, can I submit these logs from the Elasticsearch indices as evidence?
If NO, what's the solution?