I'm using Filebeat/Elasticsearch to index Zeek network traffic logs. I'm missing a key piece of understanding about Filebeat/Elasticsearch. Once the logs have been ingested and indexed, are the logs themselves accessed to produce search results? I'm wondering if I can delete the logs themselves.
Once the logs have been ingested into Elasticsearch, yes, you can delete them from the source system; that will have no impact on the data that's in Elasticsearch.
Just remember if you want to re-ingest them they won't be there anymore.
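As an added example (not from the thread), one check before removing source files: Filebeat tracks how far it has read each file in its registry, and advances that offset only after the output acknowledges the events, so a file whose registry offset has reached its on-disk size has been shipped. The script assumes the Filebeat 7.x+ registry layout (`data/registry/filebeat/log.json`, one JSON object per line with `k`/`v` entries carrying `source` and `offset`); the registry text and file sizes below are constructed samples.

```python
import json
import os

# Constructed sample in the shape of a Filebeat 7.x+ registry log.json.
# The exact layout is an assumption; check it against your own Filebeat version.
SAMPLE_REGISTRY = "\n".join([
    '{"op":"set","id":1}',
    '{"k":"filebeat::logs::native::1-2","v":{"source":"/var/log/zeek/current/conn.log","offset":4096}}',
    '{"op":"set","id":2}',
    '{"k":"filebeat::logs::native::3-4","v":{"source":"/var/log/zeek/current/dns.log","offset":1000}}',
])

# Constructed on-disk sizes standing in for os.path.getsize() results.
SAMPLE_SIZES = {
    "/var/log/zeek/current/conn.log": 4096,
    "/var/log/zeek/current/dns.log": 2500,
}

def parse_registry(text):
    """Return {source_path: last_acked_offset} from registry text.
    The registry is append-only, so a later entry for a path wins."""
    offsets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        entry = json.loads(line)
        value = entry.get("v")
        if not isinstance(value, dict) or "source" not in value:
            continue  # "op" bookkeeping lines carry no file state
        offsets[value["source"]] = int(value.get("offset", 0))
    return offsets

def safe_to_delete(registry_text, sizes):
    """Split files into fully shipped (offset >= size) and still pending."""
    offsets = parse_registry(registry_text)
    done, pending = [], []
    for path, size in sizes.items():
        (done if offsets.get(path, 0) >= size else pending).append(path)
    return sorted(done), sorted(pending)

def sizes_on_disk(paths):
    """Real sizes for a live run; unknown paths are simply skipped."""
    return {p: os.path.getsize(p) for p in paths if os.path.exists(p)}

if __name__ == "__main__":
    done, pending = safe_to_delete(SAMPLE_REGISTRY, SAMPLE_SIZES)
    print("fully shipped:", done)
    print("still pending:", pending)
```

For a live run, read the registry file and pass `sizes_on_disk(...)` for the Zeek logs you intend to remove; a file that is still pending (or still being written by Zeek) should be left alone.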
Got it. Thank you!