I have added our Sophos firewall using the Sophos Filebeat module. I can read all logs nicely.
So far so good. However, today I started adding Windows Servers:
All went OK. Services are all running.
The only thing that I can't figure out:
Within Elastic-->Security-->hosts, I can see the host, and it is connecting fine. I can see events, and I can expand specific events. All readable and parsed.
However, if I go to Analytics-->Discover, only Syslog Firewall events are being shown.
One thing I did notice was that I probably miss a Winlogbeat Index?
Please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not even be able to see them.
I think the simplest fix in Kibana is to go to Stack Management -> Data Views -> Create data view. Enter "winlogbeat-*" and select @timestamp. Then click "Create data view".