Mar 13, 2021, 11:21:08 AM
So we had Elastic services go down after updating, and they were down for approximately 19 hours. Of course, we had an incident in that time period for which we need to search logs in Kibana. We need to view the users' POST and GET requests for a few IPs, as well as pcap data if possible. I know the logs are on the servers; I'm just not sure what the most efficient way of obtaining this information and putting it together is. I am currently viewing Bro logs and parsing out data, but it's obviously taking forever and I'm still not sure of the best route to take here. Any help is greatly appreciated!