Hello, i have some problem with rules in ElasticSIEM. I have a lot of indexies but in on of them rules don't working. Messages about error rules are absent. WIth one index rule are working but when i write rule for other index it no workig.
Hi, can you give us some details, please? What are the indices on which it doesn't work named. Perhaps a screenshot of the Rule configuration would also be useful.
Using https://discuss.elastic.co/t/bulkresponse-had-errors-with-response-statuses-counts-of/226492 i made this. Afther that i see that i have problem with fieds in my index:
I changed host field name using logstash, and is workig!
Thank you for getting back to us @Nazarenko and letting us know what the issue was. We have recently changed that error reporting for the log files for the backend here:
And that will be part of a release starting in 7.8.0 moving forward. Glad to see we have a concrete use case for testing out error reporting for when we push signals into the backend at this point.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.