I am trying to build out a dashboard showing all the hosts that are sending logs in our environment while also having a panel that shows when a host stops sending logs and the last time they sent a log.
I took a look at the Hosts section with Security and I'm not quite sure what logic it's using to calculate the hosts in my environment. It says I have between 505-507 hosts in my environment but when I create visualizations in Kibana Lens to show how many unique counts of agent.name I'm getting in a day, the number is between 223-225. Because of this, I'm not really able to accurately report the number of hosts in our environment and how many of them are sending logs.
What logic is built into the Hosts section of the Security solution? How are you reliably tracking all of the hosts successfully sending logs in your environment?
Keep in mind we don't currently have a Fleet Server(s) in the environment but plan to do so eventually