We want to analyse how to use Winlogbeat to monitor security as a replacement for Splunk.
At the moment we have numerous questions on how to migrate from Splunk to Elasticsearch.
One question is: how do we monitor the "record_number" parameter for a sequential number, or how do we monitor logs that have been dropped?
Thanks for any information you can provide.
Every Beat can be monitored using X-Pack monitoring. See more: https://www.elastic.co/guide/en/beats/winlogbeat/6.5/monitoring.html
Number of dropped events is reported by each Beat and it is visualized in Kibana.
View the functionality monitoring UI: https://www.elastic.co/guide/en/kibana/current/beats-page.html
OK, thanks, will take a look at how that works.
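An added example, not part of the posts above and not Elastic's code: one way to check exported Winlogbeat events for gaps in the "record_number" sequence asked about in the question. It assumes the Winlogbeat 6.x field names `computer_name`, `log_name` and `record_number`, and that record numbers increase by one per event within a log on a host; the function name and the sample events are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events (not real logs), one JSON document per line,
# as they might be exported from a winlogbeat-* index. Field names are the
# assumed Winlogbeat 6.x ones; arrival order is shuffled and one is repeated.
SAMPLE_NDJSON = """\
{"computer_name": "dc01", "log_name": "Security", "record_number": "1001"}
{"computer_name": "dc01", "log_name": "Security", "record_number": "1003"}
{"computer_name": "dc01", "log_name": "Security", "record_number": "1002"}
{"computer_name": "dc01", "log_name": "Security", "record_number": "1002"}
{"computer_name": "dc01", "log_name": "Security", "record_number": "1007"}
{"computer_name": "dc01", "log_name": "Security", "record_number": "1008"}
{"computer_name": "dc01", "log_name": "System", "record_number": "50"}
{"computer_name": "dc01", "log_name": "System", "record_number": "51"}
{"computer_name": "ws07", "log_name": "Security", "record_number": "200"}
{"computer_name": "ws07", "log_name": "Security", "record_number": "202"}
"""


def find_record_gaps(lines):
    """Return {(computer_name, log_name): [(first_missing, last_missing), ...]}."""
    seen = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        try:
            key = (event["computer_name"], event["log_name"])
            # A set absorbs duplicates caused by at-least-once delivery.
            seen[key].add(int(event["record_number"]))
        except (KeyError, TypeError, ValueError):
            continue  # document lacks usable fields, nothing to sequence
    report = {}
    for key, numbers in seen.items():
        ordered = sorted(numbers)  # sort, since arrival order is not guaranteed
        missing = [(a + 1, b - 1) for a, b in zip(ordered, ordered[1:]) if b - a > 1]
        if missing:
            report[key] = missing
    return report


if __name__ == "__main__":
    for (host, log), ranges in find_record_gaps(SAMPLE_NDJSON.splitlines()).items():
        for first, last in ranges:
            print(f"{host} {log}: record_number {first}-{last} not indexed")
```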