I have just started my journey with Elastic Stack. It is really cool so far. I have ELK up, I have created my own filters for named and DHCP using Logstash with GROK, and have started basic visualization with Kibana. My next foray is into unstructured data, that is, data that is too mangled to effectively GROK. Is unstructured data still searchable, useful for visualizations and available for analytics?
It's searchable, but without some structure it might not be super valuable for analytics.
I thought as much. It doesn't seem like developing GROK parsers or using the CEF plugin is a big lift.
THX!!
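To make the answer above concrete, here is an added example (not code from the thread or from Elastic) that mimics what a Logstash grok filter does with a mix of parseable and unparseable lines. The dhcpd and named patterns, the sample log lines and the `myapp` line are all constructed for this illustration and stand in for the poster's own filters. It shows the two halves of the answer: every event keeps its raw `message` field, so a full-text search still finds the mangled line, but an aggregation over an extracted field (what a Kibana terms visualization does) silently drops it. Logstash really does tag unmatched events `_grokparsefailure`, which makes the failure rate an easy pipeline-health metric to chart.

```python
import re
from collections import Counter

# Grok-style patterns expressed as plain Python regexes. These are constructed for this
# example (hypothetical dhcpd and named line formats); they are not the Logstash grok
# library and not the original poster's filters.
GROK_PATTERNS = {
    "dhcpd": re.compile(
        r"^(?P<timestamp>\w{3} +\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) dhcpd(?:\[\d+\])?: "
        r"(?P<action>DHCPACK|DHCPREQUEST) (?:on|for) (?P<client_ip>\d{1,3}(?:\.\d{1,3}){3}) "
        r"(?:to|from) (?P<client_mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<interface>\S+)"
    ),
    "named": re.compile(
        r"^(?P<timestamp>\w{3} +\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) named(?:\[\d+\])?: "
        r"client (?P<client_ip>\d{1,3}(?:\.\d{1,3}){3})#(?P<client_port>\d+): "
        r"query: (?P<query>\S+) IN (?P<qtype>\S+)"
    ),
}

# Constructed sample input: two dhcpd lines, two named query-log lines, and one application
# line whose payload is too irregular to parse (the "too mangled to grok" case).
SAMPLE_LINES = [
    "Mar 10 12:00:01 dhcp1 dhcpd[2101]: DHCPREQUEST for 192.168.1.10 from 00:11:22:33:44:55 via eth0",
    "Mar 10 12:00:01 dhcp1 dhcpd[2101]: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 via eth0",
    "Mar 10 12:00:02 ns1 named[1234]: client 192.168.1.10#53210: query: www.example.com IN A + (192.168.1.1)",
    'Mar 10 12:00:03 app1 myapp: WARN unexpected payload from 192.168.1.10 -> {"id":42,"blob":"...',
    "Mar 10 12:00:04 ns1 named[1234]: client 192.168.1.20#40001: query: mail.example.com IN MX + (192.168.1.1)",
]


def parse_event(line):
    """Mimic Logstash's grok filter: the first matching pattern populates fields; on no
    match the event keeps only the raw message and gets the _grokparsefailure tag."""
    for name, pattern in GROK_PATTERNS.items():
        match = pattern.match(line)
        if match:
            event = {"message": line, "program": name, "tags": []}
            event.update(match.groupdict())
            return event
    return {"message": line, "tags": ["_grokparsefailure"]}


def search(events, term):
    """Full-text style search: every event keeps its message field, so a plain substring
    match finds structured and unstructured events alike."""
    return [e for e in events if term in e["message"]]


def top_clients(events):
    """Aggregation (what a Kibana terms visualization does): only events with an extracted
    client_ip field can be counted, so unparsed lines drop out of the chart."""
    return Counter(e["client_ip"] for e in events if "client_ip" in e)


def parse_failure_rate(events):
    """Share of events tagged _grokparsefailure; a cheap pipeline health metric."""
    failed = sum(1 for e in events if "_grokparsefailure" in e["tags"])
    return failed / len(events) if events else 0.0


if __name__ == "__main__":
    events = [parse_event(line) for line in SAMPLE_LINES]
    print("hits for 192.168.1.10:", len(search(events, "192.168.1.10")))
    print("top clients:", top_clients(events).most_common())
    print("grok failure rate:", parse_failure_rate(events))
```

Run as-is, the search for `192.168.1.10` returns all four lines that mention it, including the unparsed `myapp` line, while the client aggregation only counts the three structured events for that address. The same split is what you would see in Kibana: Discover finds the mangled line, a terms chart on `client_ip` does not.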