jasonish
commented
1 year ago Sorry for the late response. First, if you run the agent and/or server with the -vvv command line option you will see on the agent the number of events sent to the server, and on the server you'll see the number of events. I'd start there. If you don't see anything, then it will be time to take a closer look at your config, but I can help you with that as well.
huangxiaone
Hi, I have suricata+evebox agent on one machine and evebox server+elasticsearch on another machine, I want to use the evebox agent to send suricata log data to the evebox server, and then visualize the data from evebox server. Is this right? When I do this, there is no data visualized. I dont know whether the log data has been send success or not. Thank you!