Hi Team,
I have successfully set up HELK by following the instructions provided in the GitHub repository. Additionally, I have configured Winlogbeat to send my event/Sysmon logs to Kibana through Kafka. Now, my goal is to configure ElastAlert to receive notifications for specific event IDs from Winlogbeat and integrate it with Slack. I have followed a guide to achieve this, but despite the configuration, I am not seeing any logs for ElastAlert in Kibana. I would like assistance in troubleshooting and resolving this issue so that I can receive ElastAlert notifications for specific event IDs in my HELK setup.
This is the error screenshot for the index elastalert_status_status from Kibana.
This is my ElastAlert configuration to integrate with Slack:
```yaml
helk-elastalert:
  image: otrf/helk-elastalert:latest
  container_name: helk-elastalert
  logging:
    driver: "json-file"
    options:
      max-file: "5"
      max-size: "6m"
  restart: always
  depends_on:
    - helk-logstash
  environment:
    ES_HOST: helk-elasticsearch
    ES_PORT: 9200
    SLACK_WEBHOOK_URL: https://hooks.slack.com/services/<random-string>
  networks:
    helk:
```
Thanks in advance
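The compose service above only starts the ElastAlert container; the alerting itself is driven by rule files. The rule below is an added example (it is not from this issue or from the HELK project) showing the shape of an ElastAlert rule that fires to Slack when a burst of a specific Windows event ID arrives from Winlogbeat. The index pattern `logs-endpoint-winevent-security-*` and the field name `event_id` are assumptions about how HELK's Logstash pipeline names the Security channel index and the event ID field; check them against the fields you actually see in Kibana's Discover view before using the rule. The webhook URL is a placeholder.

```yaml
# Added example ElastAlert rule (not part of the issue or of HELK).
# Fires when 5 or more failed logons (Security event 4625) land in 5 minutes.
name: Winlogbeat - failed logon burst (Security 4625)
type: frequency

# Assumption: HELK writes the Security channel to this index pattern.
index: logs-endpoint-winevent-security-*

# Assumption: HELK normalises winlog.event_id into a top-level event_id field.
filter:
  - term:
      event_id: 4625

num_events: 5
timeframe:
  minutes: 5

# Do not repeat the same alert more often than every 15 minutes.
realert:
  minutes: 15

alert:
  - slack
# Placeholder: replace with the real incoming-webhook URL.
slack_webhook_url: "https://hooks.slack.com/services/<your-webhook>"
slack_channel_override: "#security-alerts"
alert_subject: "HELK: failed logon burst on monitored hosts"
alert_text: "5 or more Security 4625 events were seen within 5 minutes."
alert_text_type: alert_text_only
```

Two checks help when no ElastAlert documents show up in Kibana. First, ElastAlert writes its bookkeeping to the writeback index (`elastalert_status` by default, with the `elastalert_status_status`, `elastalert_status_error` and similar sub-indices created by `elastalert-create-index` on Elasticsearch 6 and later); if `GET _cat/indices/elastalert*` on the Elasticsearch host returns nothing, the writeback index was never created and the container logs (`docker logs helk-elastalert`) will usually say why. Second, a rule that never matches produces no hits, so confirm that a plain Discover query on the same index pattern with the same `event_id` filter actually returns documents in the rule's timeframe.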