I have an elastic cloud instance, I'm trying to setup auditbeat for some threat hunting purposes
I have installed auditbeat on a Linux server
Enabled the below datasets
Set the output to redis list --> Redis list to--->Elastic (Success)
auditbeat setup --dashboards --> Success
I'm getting those data in elastic search successfully. When I open dashboards generated by auditbeat setup --dashboards command. It is showing various errors
The below are the some of the errors which I'm getting. Not even one dashboard loads without errors.
Saved "field" parameter is now invalid. Please select a new field. [esaggs] > "field" is a required parameter Could not locate that index-pattern-field (id: socket.entity_id)
When checked the index pattern I can see that certain fields which Dashboard throws errors are missing in the index pattern.
Could you please help me on how to fix this?