Hello.
I created an index pattern coming from snort in json format. I used logstash to create it
But now i would like to write rules (xpack is activated) in kql coming from my snort index pattern i created but it does not work. Please help.
I used this tutorial : Visualize Snort3 logs in Kibana using Logstash and Elasticsearch – AGHANIM BLOG
Hi @Didi_Lilou, are you encountering errors when creating your Custom Query (KQL) rule? Would you mind sharing more information about what you're seeing?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.