No data sources?

Hi. I’m new to OpenSearch, using version 2.13.0 Linux x64. I have a couple of questions.

I have some Windows logs I need to process with Sigma rules. In my infrastructure, I get them offline via HDDs. OpenSearch has a set of Sigma rules for Windows logs in the Security Analytics plugin.

  1. Can I use OpenSearch in such a way - getting logs via local files directly, not via the network or something?

  2. According to the docs, I should use the Data sources page in Dashboards Management, but there is no such page. Why, and what should I do to make it appear?

Hey @Fred4642

One of the ways to ingest local files is to use Fluent Bit:
https://opensearch.org/docs/latest/observing-your-data/log-ingestion/

There is the tail input plugin for Fluent Bit that allows you to get data from one or a few files:

An example of the output plugin’s configuration for Fluent Bit can be found here:

  1. Data sources is under the Management section; the docs will be updated.
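The tail-to-OpenSearch path the reply describes, as an added example that is not part of the thread or of the Fluent Bit docs it links: a POSIX shell script that renders a classic-format Fluent Bit configuration tailing JSON-lines files copied from the offline HDD and shipping them to the OpenSearch output plugin, then validates it with fluent-bit --dry-run when the binary is present. The log directory, host, index name and the OPENSEARCH_USER / OPENSEARCH_PASSWORD environment variables are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Fluent Bit project.
# Renders a Fluent Bit config that tails offline log exports and ships them
# to OpenSearch. All paths, hosts and index names are assumed placeholders.

# render_fluent_bit_conf LOG_DIR OS_HOST INDEX
# Prints a classic-format Fluent Bit configuration to stdout.
render_fluent_bit_conf() {
    log_dir="$1"
    os_host="$2"
    index="$3"
    cat <<EOF
[SERVICE]
    Flush           5
    Log_Level       info
    # Parser definitions shipped with Fluent Bit (defines the "json" parser)
    Parsers_File    /etc/fluent-bit/parsers.conf

[INPUT]
    Name            tail
    Tag             windows.offline
    # Files copied from the HDD: one JSON object per line
    Path            ${log_dir}/*.json
    Parser          json
    # Static exports: read every file from its first line
    Read_from_Head  On
    # Offset database so a restart does not re-ingest the same events
    DB              /var/lib/fluent-bit/tail-offline.db
    Skip_Long_Lines On

[OUTPUT]
    Name            opensearch
    Match           windows.*
    Host            ${os_host}
    Port            9200
    # Credentials come from the environment, not from this file
    HTTP_User       \${OPENSEARCH_USER}
    HTTP_Passwd     \${OPENSEARCH_PASSWORD}
    tls             On
    tls.verify      On
    Index           ${index}
    Suppress_Type_Name On
EOF
}

# write_and_check CONF_PATH LOG_DIR OS_HOST INDEX
# Writes the rendered config and validates it with fluent-bit --dry-run
# when the binary is installed; otherwise just reports where it was written.
write_and_check() {
    conf="$1"
    render_fluent_bit_conf "$2" "$3" "$4" > "$conf"
    if command -v fluent-bit >/dev/null 2>&1; then
        fluent-bit -c "$conf" --dry-run
    else
        echo "fluent-bit not installed; wrote $conf without validation" >&2
    fi
}

# Constructed example invocation: sh ingest.sh run
if [ "${1:-}" = "run" ]; then
    write_and_check /etc/fluent-bit/fluent-bit.conf /mnt/hdd/logs opensearch.example.internal windows-offline
fi
```

Windows event logs arrive as binary .evtx files and the tail input reads text, so export them as one JSON object per line before pointing the Path at them; the json parser named here is the one shipped in Fluent Bit's parsers.conf. Credentials are read from the environment so they never sit in the config file on disk, and tls.verify On keeps the shipper from sending the logs to a cluster whose certificate it cannot verify.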

Hey @Fred4642

To use multiple data sources, you must enable the data_source.enabled setting. It is disabled by default. To enable multiple data sources:

  1. Open your local copy of the OpenSearch Dashboards configuration file, opensearch_dashboards.yml.

  2. Set data_source.enabled to true and save the YAML file.

  3. Restart the opensearch-dashboards service.
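The three steps above, as an added example that is not from the thread or from the OpenSearch project: a POSIX shell script that makes the edit idempotently, so it can be re-run safely, and verifies the result before the service is restarted. The config path /etc/opensearch-dashboards/opensearch_dashboards.yml and the unit name opensearch-dashboards are assumptions for a package install; adjust them for a tarball install.

```shell
#!/bin/sh
# Added example (not from the thread): enable multiple data sources in
# OpenSearch Dashboards by editing opensearch_dashboards.yml idempotently.
# Assumed paths: /etc/opensearch-dashboards/opensearch_dashboards.yml and the
# systemd unit name opensearch-dashboards (typical for package installs).

# data_source_enabled FILE -> exit 0 if an active (uncommented) line sets
# data_source.enabled to true, 1 otherwise.
data_source_enabled() {
    grep -Eq '^[[:space:]]*data_source\.enabled:[[:space:]]*true[[:space:]]*$' "$1"
}

# enable_data_source FILE
# Rewrites an active data_source.enabled line to true, or appends one if no
# active line exists. Commented-out lines are left untouched. A backup copy
# is written as FILE.bak so the change can be reverted.
enable_data_source() {
    file="$1"
    [ -f "$file" ] || { echo "config not found: $file" >&2; return 1; }
    cp "$file" "$file.bak"
    if grep -Eq '^[[:space:]]*data_source\.enabled:' "$file"; then
        # sed -i is not POSIX; write to a temp file and copy it back
        tmp=$(mktemp)
        sed -E 's/^([[:space:]]*data_source\.enabled:)[[:space:]]*.*$/\1 true/' "$file" > "$tmp"
        cat "$tmp" > "$file"   # keeps the original file's owner and mode
        rm -f "$tmp"
    else
        printf '\n# Enable multiple data sources (Dashboards Management > Data sources)\ndata_source.enabled: true\n' >> "$file"
    fi
    # Report success only if the active setting now reads true
    data_source_enabled "$file"
}

# Constructed example usage: sh enable_mds.sh apply
if [ "${1:-}" = "apply" ]; then
    cfg=/etc/opensearch-dashboards/opensearch_dashboards.yml
    enable_data_source "$cfg" && sudo systemctl restart opensearch-dashboards
fi
```

Run `sh enable_mds.sh apply` on the Dashboards host. A commented-out `#data_source.enabled: false` line from the default file is deliberately left alone, and a .bak copy is written first, so the change is easy to reverse if the Data sources page still does not appear after the restart.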