Hello All,
This simple question that probably has a simple answer.
I'm working with WinLogBeat on a WIndows based testing device that is setup to send events to a raspberry pi running logstash. In turn the raspberry pi sends the events to an ELK instance.
This all works with the exception of working with the indexes in Kibana and this may be a simple config problem on my end.
What I've noticed is that even though Winlogbeat is transmitting to logstash and logstash is sending to ELK the index has to be manually created each time. Almost as if the index from the previous time period has aged out or rolled over and ELK has failed to dynamically create a new one. Is this normal behavior and can the index be created dynamically or on a scheduled basis?
Thanks
TimW