Log Source

How to get the list of all Log sources ingestng logs in Elastic security.

Hi Phoeix, Welcome to community.
If you are ingesting data using agents , Check list of installed integrations to see log sources

@Venkata_Raja integration will only reflect the no of logs shippers, like audit beat, winlogbeat etc.
How to fetch which all devices/log source onboarded like within qradar we have Building blocks ( for example BB : Logsource type) etc.

Agents will carry host names and log file path in data-stream metadata . Just check the respective datastreams and see the fields which are carrying the values. Create a query to get those fields from all datastreams to get what you wanted.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.