HI,
may i know, why my data not display in security in kibana. Previously i'm using basic license. then i extend it to trial license. however, i saw my data for auditbeat and filebeat appear in discovery. but i just confuse why the data only show in discovery but not show in security?
Thanks
Hi @syafeera, Nice to see you are trying out Elastic Security.
Data sent into the Elastic stack from Auditbeat and Filebeat should be visible in the Security app, so we'll need to find out why yours is not. Can you please answer a few questions to allow us to better help you?
Thanks!
Hi,
2.Also, can you tell us if the systems on which Filebeat and Auditbeat are running are connected directly to Elasticsearch? Or is there something like Logstash in between?
No i setup using the filebeat.yml ad audit.yml. I'm not using logstash
3.Where in the Security App are you expecting to see the Filebeat and Auditbeat events, but they are not showing up?
At the security menus, but there are no data at all overthere
4.Did you remember to run the filebeat setup command before running filebeat?
I'm not sure, what i know if there is problem, i will restart the filebeat or auditbeat using this command
sudo systemctl restart filebeat
sudo systemctl restart auditbeat
Thanks
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.