Hello,
I added suricata integration to my system, but I can't use filebeat suricata module so I configured filebeat to send logs without suricata module to ELK, I just wondering is there any solution to use kibana integration with my own index source? My index is suricatalogs-* , and I can access to rebuild Suricata specific kibana dashboard.
You can create an index pattern - changing to Data View in the future - with suricatalogs-* and then use it for creating visualizations for Dashboard use, or for exploring your data in Discover.
Alternatively in Canvas, you can use the index names (permitting asterisk too) directly in queries such as SQL queries
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.