New Elastic user here:)
Ubuntu 22.04 LTS Server, running ELK Stack.
I Have added our Sophos firewall using the Sophos Filebeat module. I can read all logs nicely.
So far so good. However, today I started adding Windows Servers:
- Install Sysmon.
- Install Winlogbeat.
All went OK. Services are all running.
The only thing that I cant figure out:
Within Elastic-->Security-->hosts, I can see the host, and it is connecting fine. I can See events, and I can expand specific Events. All readable and parsed.
However, if I go to Analytics-->Discover, only Syslog Firewall events are being shown.
One thing I did notice was that I probably miss a Winlogbeat Index?
Can Anyone help me solve this issue?