I am extremely new to ELK and I think there is something fundamental that I am not understanding. All software packages are installed and I have data flowing to my self-managed instance using a Logstash.conf file. I have the Cisco Meraki and Sophos XG integrations installed. My data is showing up under Discover, but the custom mapping of those index templates is not applying to the logs. I don't know exactly how to send data to the server and have the index template mappings apply to the logs. Any help would be greatly appreciated.
Hello, maybe I am going about this wrong. After looking into this, I need data streams and not indexes. I have installed the Fleet server and added the Sophos integration for our Sophos XG firewalls. I have set it up to receive logs over UDP 9005. Do I still need to set the Logstash conf file to receive UDP traffic over 9005, or does the Fleet server with the integration automatically open up port 9005?
Also, all of these servers (Elasticsearch, Kibana, Logstash, and Fleet) are running on the same VM.