Hi,
After the Filebeat and osquery setup, data is present in the log files and is received from the Filebeat osquery
module. However, I do not see any osquery.result* index pattern at all. I just activated the osquery module, nothing else.
Kibana dashboard error message: Could not locate that index-pattern-field (id: osquery.result.columns.platform_like)
PS: "filebeat setup -e" does not create an index pattern for either the osquery or the suricata enabled modules!
Any advice? How can I get or create the missing index pattern to make this work?
Regards, Gernot