I'm sending windows event logs to elasticsearch using winlogbeat.
And I'm using kibana to display the event log data received by elasticsearch.
So I have one question.
Where in the Linux directory is elasticsearch storing the event log data it receives from winlogbeat?
I think I can only see the result of analyzing the received event data when I check elasticsearch.log.
Therefore, I would like to know where in the elasticsearch directory the raw event log data received is stored.
Or is it not stored as such?
I'm waiting for help from someone with more experience.
Thank you in advance for your help.
Elasticsearch stores the data in /var/lib/elasticsearch, but it's not something you can just go and view. You need to use the Elasticsearch APIs or Kibana to view the data.
Your kind assistance is very much appreciated. And I was able to view the log stats in Kibana. However, I would like to know where the original log data file is in the Ubuntu directory. Do I need the Elasticsearch APIs to view the original log files? I'm so in trouble, waiting for your help.
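To show what the answer above means by "use the Elasticsearch APIs", here is an added example (not code from the thread) that reads the stored winlogbeat documents back out over the HTTP `_search` API. It assumes Elasticsearch is listening on http://localhost:9200 with no authentication and that winlogbeat writes to its default `winlogbeat-*` indices; both are assumptions.

```python
"""Read raw winlogbeat documents back from Elasticsearch via its HTTP API.

Added example, not part of the thread. Assumed: Elasticsearch on
http://localhost:9200 without auth, winlogbeat writing to "winlogbeat-*".
"""
import json
import urllib.request

ES_URL = "http://localhost:9200"   # assumption: default local endpoint
INDEX_PATTERN = "winlogbeat-*"     # assumption: winlogbeat's default index name


def build_query(event_id=None, size=5):
    """Build a _search body asking for the newest documents.

    event_id filters on the Windows Event ID (ECS field event.code, stored as
    a keyword string); None returns the newest events of any kind.
    """
    query = {"match_all": {}}
    if event_id is not None:
        query = {"bool": {"must": [{"term": {"event.code": str(event_id)}}]}}
    return {
        "size": size,
        "sort": [{"@timestamp": {"order": "desc"}}],
        "query": query,
    }


def extract_hits(search_response):
    """Return each stored document (_source) from a _search response body.

    _source is the document exactly as winlogbeat shipped it; with winlogbeat's
    include_xml option enabled the original event XML sits in event.original.
    """
    return [hit["_source"] for hit in search_response["hits"]["hits"]]


def fetch_events(event_id=None, size=5, es_url=ES_URL, index=INDEX_PATTERN):
    """POST the query to Elasticsearch and return the raw documents (needs network)."""
    body = json.dumps(build_query(event_id, size)).encode()
    req = urllib.request.Request(
        f"{es_url}/{index}/_search", data=body,
        headers={"Content-Type": "application/json"}, method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_hits(json.load(resp))


if __name__ == "__main__":
    # Newest five successful logon events (Event ID 4624) from the shipped data.
    for doc in fetch_events(event_id=4624):
        print(doc["@timestamp"], doc.get("host", {}).get("name"), doc.get("message", "")[:80])
```

Run it with `python3 read_winlogbeat.py`; the documents Kibana renders come from the same `_source` field, not from any readable file under /var/lib/elasticsearch.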