Hello.
I created an index pattern coming from snort in json format. I used logstash to create it
But now i would like to write rules (xpack is activated) in kql coming from my snort index pattern i created but it does not work. Please help.
I used this tutorial : Visualize Snort3 logs in Kibana using Logstash and Elasticsearch – AGHANIM BLOG
Hi @Didi_Lilou, are you encountering errors when creating your Custom Query (KQL) rule? Would you mind sharing more information about what you're seeing?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.