Hey,
I have integrated firewall logs in ELK. I came across some logs which are of URL shorteners eg., bit[.]ly, etc.. the interesting part is when a user clicks on these kinds of URLs we won't know the original URL and we won't have visibility unless and until the user does something on that final URL.
If someone has a solution or a workaround to tackle these kinds of situations please let me know.
Thanks in advance 