Zeek input only creating index templates and system indices

I am trying to ingest data from a Zeek sensor directly into Elasticsearch, and when I do, ES creates index templates and system indices for each Zeek log but no usable indices. This is from a clean instance, but this result occurs regardless of whether I have pipelines installed. This is a basic single-node setup with a pretty low data rate.



The template indices all list the appropriate index alias. I.e. bro-conn-1343215431254 has an alias bro-conn.

The reason why I'm trying to go directly to ES vice using Logstash is because when I use ingest pipelines with Logstash, my resource usage is unsustainable - though it works.

I have searched around and am not seeing this issue anywhere so thanks for your help.
