Hello all,
I have the following configurations:
input {
beats {
port => "8514"
type => "winlogbeat"
}
}
output {
elasticsearch {
hosts => ["10.192.144.9:9200"]
manage_template => false
sniffing => true
index => "ad-%{+YYYY.MM.dd}"
}
}
and
input {
beats {
port => "8513"
type => "winlogbeat"
}
}
output {
elasticsearch {
hosts => ["10.192.144.9:9200"]
manage_template => false
sniffing => true
index => "sysmon-%{+YYYY.MM.dd}"
}
}
In kibana I have 2 different index pattern one ad-* and sysmon-* but when I see the logs I have sysmon logs with ad logs.
Can someone please tell me why this is happening and how I can fix it?
Thanks in advance for your help.
Best Regards,
Pedro Cabral