Index Management for different Lifecycle policies

Paul S.

Jun 27, 2023, 9:12:04 AM6/27/23
to Wazuh mailing list
Hi everyone,
I have a question about lifecycle management and Wazuh.
I'm using ELK to monitor and store every wazuh-alerts-x index and apply a custom lifecycle policy to it.

I now have different needs, and I have to make another lifecycle policy for different servers.

The thing is that lifecycle policies are applied to an index pattern, and ALL of my alerts are under wazuh-alerts-x by default.

Is there a way to index my alerts from a particular IP address under a new index name? Something like custom-alerts-x, so I can apply a new lifecycle policy to it?

Thank you very much, and have a nice day

Federico Ramos

Jun 27, 2023, 12:16:39 PM6/27/23
to Wazuh mailing list
Hi Paul S,

You can create a new index with a custom name using Elasticsearch Index API, and then configure it to redirect all the alerts from a particular IP.

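One concrete way to do what the answer above describes, as an added example that is not part of the thread and not Wazuh's or Elastic's own code: an ILM policy for the new index family, an index template that binds the family to that policy, and an ingest pipeline whose script processor rewrites `_index` for alerts from selected agent addresses. Everything named here is an assumption to adapt to your deployment: that Filebeat writes to `wazuh-alerts-4.x-<date>` and runs an ingest pipeline, that alerts carry the agent address in `agent.ip`, the diverted addresses `192.0.2.17` and `192.0.2.18`, and the names `custom-alerts-policy` and `wazuh-alerts-route`. The `route_alert` function mirrors the processor's decision locally so the rule can be checked without a cluster.

```python
"""Divert Wazuh alerts from chosen agent IPs into a separate index family so a
second ILM policy can govern them.  Added example, not from the thread and not
Wazuh's own code.  All names below are assumptions (hypothetical): adjust
the prefixes, the IP list, the policy and the pipeline name to your setup.
"""
import json
import os
import urllib.request

# Constructed list of agent addresses to divert (hypothetical values).
DIVERTED_IPS = ["192.0.2.17", "192.0.2.18"]
DEFAULT_PREFIX = "wazuh-alerts-"          # assumed default index family
CUSTOM_PREFIX = "custom-alerts-"          # new family the policy will target
CUSTOM_POLICY = "custom-alerts-policy"    # hypothetical policy name
PIPELINE_NAME = "wazuh-alerts-route"      # hypothetical; in practice add the
                                          # processor to the pipeline Filebeat
                                          # already sends alerts through


def ilm_policy(delete_after_days):
    """ILM policy with only a delete phase.  min_age counts from index
    creation, which fits the daily, non-rollover indices Wazuh creates."""
    return {"policy": {"phases": {"delete": {
        "min_age": f"{delete_after_days}d", "actions": {"delete": {}}}}}}


def index_template(policy_name=CUSTOM_POLICY):
    """Composable index template binding the custom family to the policy.
    Mappings are deliberately omitted: copy them from the wazuh-alerts
    template so Wazuh dashboards keep working against the new indices."""
    return {"index_patterns": [CUSTOM_PREFIX + "*"],
            "priority": 500,
            "template": {"settings": {"index.lifecycle.name": policy_name}}}


def painless_condition(ips):
    """Null-safe Painless expression: exact match of agent.ip against a list."""
    quoted = ", ".join("'" + ip + "'" for ip in ips)
    return f"ctx.agent?.ip != null && [{quoted}].contains(ctx.agent.ip)"


def ingest_pipeline(ips=DIVERTED_IPS):
    """Pipeline whose single processor rewrites the destination index for
    matching alerts.  Replacing only the prefix keeps the date suffix, so the
    custom family stays daily like the default one."""
    return {"description": "route selected agents to custom-alerts",
            "processors": [{"script": {
                "if": painless_condition(ips),
                "source": (f"ctx._index = ctx._index.replace("
                           f"'{DEFAULT_PREFIX}', '{CUSTOM_PREFIX}')")}}]}


def route_alert(alert, default_index, ips=DIVERTED_IPS):
    """Local re-implementation of the processor's decision, so the routing
    rule can be tested offline.  Returns the index the alert would land in."""
    ip = (alert.get("agent") or {}).get("ip")
    if ip in ips and default_index.startswith(DEFAULT_PREFIX):
        return CUSTOM_PREFIX + default_index[len(DEFAULT_PREFIX):]
    return default_index


def put_json(base_url, path, body):
    """PUT a JSON body to the cluster and return the parsed response."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="PUT")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def install(base_url):
    """Push policy, template and pipeline in dependency order."""
    put_json(base_url, f"/_ilm/policy/{CUSTOM_POLICY}", ilm_policy(30))
    put_json(base_url, "/_index_template/custom-alerts", index_template())
    put_json(base_url, f"/_ingest/pipeline/{PIPELINE_NAME}", ingest_pipeline())


if __name__ == "__main__":
    # With ES_URL set (e.g. http://localhost:9200) the objects are installed;
    # otherwise the generated pipeline is printed for review.
    url = os.environ.get("ES_URL")
    if url:
        install(url)
    else:
        print(json.dumps(ingest_pipeline(), indent=2))
```

Two caveats worth checking before relying on this: the processor must run in the pipeline that actually receives the alerts (Filebeat's `pipeline` setting), and the new template should carry the same mappings as the default wazuh-alerts template, otherwise the custom indices get dynamic mappings and field types may diverge from what the Wazuh dashboards expect.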