Hello,
I am actually trying to index user request history in ElasticSearch but I didn't succeed.
I come here to know if there is a solution or an alternative to do what I want.
My configuration:
- ElasticSearch with X-pack (to define users)
- Kibana with X-pack
- FileBeat to take logs from ElasticSearch (slowlog and access_log)
- Logstash to filter logs coming from FileBeat and index them in ElasticSearch
So, I wanted to mix slowlog and access_log to have something like this:
- Time: the @timestamp of the request
- User: the user who wrote the request
- Index: one or more indexes
- Request: something like {"match":{...}}
The problem is that the User is in the access_log and the Request is in the slowlog, and I can't link the two because the only connection between the two logs is Index. The @timestamp can't be used because it doesn't fit between the logs.
Is there a solution that I haven't seen, or an alternative?
Thank you for your attention.