philhagen
commented
2 years ago Hmm.... What are the filenames you're loading from /logstash/kape? Are the files set to world-readable so the daemon can read from them?
Closed OdMiTiMbO closed 2 years ago
philhagen
commented
2 years ago Hmm.... What are the filenames you're loading from /logstash/kape? Are the files set to world-readable so the daemon can read from them?
OdMiTiMbO
commented
2 years ago Thanks heaps for your time and comment, I have successfully managed to ingest them into sof-elk. I did this by renaming the json files with _EvtxECmd_Output at the end of their names and for one of the files I had to change the permissions to allow full control for users.
philhagen
commented
2 years ago excellent!!! Glad it's working for you now.
Hi Phil,
We are having issues ingesting json files to sof-elk. We can see that the json files have been uploaded into the /logstash/kape/ directory on the sof-elk vm but no indices appear in index management.