Elasticsearch/Kibana Version = 8.2
I'm starting a new cluster and want to verify all of the default dashboards and ingest paths are working correctly. I am using Fleet to manage the agents and integrations.
For the System Integration, successful SSH events will produce 'system.auth.ssh.event : Accepted'
BUT failed logins will not produce and 'system.auth.ssh.event' value at all.
The created index is .ds-logs-system.auth-default-YYYY.MM.DD-00000X and the Data Stream is 'logs-system.auth-default.' The associated Index Template is 'logs-system.auth' and the index default pipeline is 'logs-system.auth-1.6.4'
I am pretty sure this worked just fine in version 8.0 but I don't see anyway to downgrade the system integration package to verify - other than blow this away and build a new environment.
Any thoughts