Hi!
I'm new to Elasticsearch and I'm implementing the Wazuh SIEM. The Wazuh team has its own agent to collect the logs, but in the company where I'm working they want some machines to run the Wazuh agent and other machines to run Winlogbeat.
Currently the Wazuh index works as expected; the problem is that I don't know how to ingest and index the Winlogbeat logs (and have them work alongside the Wazuh index). So my questions are:
Do I need one node for each type of log (Winlogbeat and Wazuh)?
And how can I load these different kinds of indices in Kibana?
Thank you!
You can't mix the data from Winlogbeat with the data from Wazuh; they have different fields and mappings, so you need to use different indices: one for the data from the Wazuh agents and another one for the data from the Winlogbeat agents.
For Winlogbeat you can just follow the documentation; it will help you create the dashboards and mappings so you are able to see the data in Kibana.
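As an added example (not from the poster above), a minimal winlogbeat.yml that keeps Windows event data in its own `winlogbeat-*` indices next to Wazuh's `wazuh-alerts-*` ones and lets `winlogbeat setup` load the Winlogbeat template and dashboards into Kibana. Host names, credentials and the index name are assumptions; `setup.ilm.enabled: false` is only needed on 7.x when you override the default index name, because ILM otherwise ignores a custom index setting.

```yaml
# Added example config, not from the thread. Hosts, user and index name are assumptions.
winlogbeat.event_logs:
  - name: Application
  - name: Security
  - name: System

# Ship straight to Elasticsearch into dedicated winlogbeat-* daily indices
# (the Wazuh manager writes its own wazuh-alerts-* indices; nothing is merged).
output.elasticsearch:
  hosts: ["https://elasticsearch.example.internal:9200"]   # assumed host
  username: "winlogbeat_writer"                            # assumed user
  password: "${ES_PASSWORD}"                               # resolved from the keystore
  index: "winlogbeat-%{[agent.version]}-%{+yyyy.MM.dd}"

# A custom output.elasticsearch.index needs matching template settings,
# and on 7.x ILM must be disabled or the custom index name is ignored.
setup.template.name: "winlogbeat"
setup.template.pattern: "winlogbeat-*"
setup.ilm.enabled: false

# Kibana connection so `winlogbeat setup -e` can load the index pattern
# and the bundled dashboards; Wazuh's own index pattern stays separate.
setup.kibana:
  host: "https://kibana.example.internal:5601"             # assumed host
setup.dashboards.enabled: true
```

Run `winlogbeat setup -e` once from the install directory and then start the service; in Kibana you then choose the `winlogbeat-*` or `wazuh-alerts-*` index pattern depending on which data you want to see.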