we have implemented ELK to visualize eduroam log from radsecproxy. Our system was developed following this guideline GitHub - REANNZ/etcbd-public: eduroam tools container-based deployment - public tools
it was working successfully, but suddenly, I saw kibana showing old data and it stuck showing this old data, even when I deleted the log file and recreated a new one. the system still shows old data. where do these data come from?? and why are not deleted when I empty the log file??
radsecproxy and elk both are on different servers. and the data is transferred using filebeats.
I am new on elk, I am lost, and I don't know where to check and where the logs stopped. Can anyone assist me to identify and solve the issue?