My scenario is:
I have Logstash listening on a UDP port; the input{} listens on this port and receives Fortigate logs. I have a filter and ship my data to OpenSearch.
Data has been stored, and I can search in OpenSearch, but some srcip or dstip values are unavailable.
NOTES:
I JSONize my log via the filter.
How can I browse all of my OpenSearch data via a UI?
For example:
tcpdump -i ens192 -A 'udp' | grep "172.16.57.225" | grep -i RDP | grep '192.168.20.9'
I can see output, but I don't know whether my data is stored or not; on the other hand, I see a lot of data with other srcip and dstip values in my OpenSearch.
I don't have srcip: "192.168.20.9" and service: "RDP".
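One way to separate "the event never had a srcip" from "the event was not indexed" is to run the same key=value parsing the Logstash filter does over raw lines and look at which events lack the fields, then issue the equivalent OpenSearch query. The code below is an added illustration, not part of the post or of the poster's pipeline: the sample lines are constructed in Fortigate's key=value syslog layout, the regex stands in for whatever filter the poster uses, and the query body assumes default dynamic mapping (string fields indexed as text with a `.keyword` subfield); if the index maps `srcip` as an `ip` type, query `srcip` directly instead.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in Fortigate key=value syslog format (not taken from the post).
# The first two are traffic logs carrying srcip/dstip; the third is a system event that
# has neither field, which is one ordinary reason a search on srcip returns fewer hits
# than the raw packet count suggests.
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 devname="FGT-LAB" type="traffic" subtype="forward" '
    'srcip=192.168.20.9 dstip=172.16.57.225 srcport=51234 dstport=3389 service="RDP" action="accept"',
    'date=2024-05-01 time=10:00:02 devname="FGT-LAB" type="traffic" subtype="forward" '
    'srcip=10.0.0.5 dstip=8.8.8.8 srcport=40000 dstport=53 service="DNS" action="accept"',
    'date=2024-05-01 time=10:00:03 devname="FGT-LAB" type="event" subtype="system" '
    'logdesc="Admin login successful" user="admin" '
    'msg="Administrator admin logged in successfully from https(10.0.0.7)"',
]

# key=value, where value is either a quoted string (may contain spaces) or a bare token.
# Group 3 holds the quoted content, group 4 the bare token.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_fortigate(line: str) -> Dict[str, str]:
    """Flatten one Fortigate kv line into a dict (the 'jsonize' step of the filter)."""
    return {
        m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
        for m in KV_RE.finditer(line)
    }


def events_missing(lines: List[str], required=("srcip", "dstip")) -> List[Tuple[str, str, List[str]]]:
    """Return (type, subtype, missing_fields) for every event lacking a required field."""
    out = []
    for line in lines:
        ev = parse_fortigate(line)
        missing = [f for f in required if f not in ev]
        if missing:
            out.append((ev.get("type"), ev.get("subtype"), missing))
    return out


def match_events(lines: List[str], srcip: str, service: str) -> List[Dict[str, str]]:
    """Local equivalent of the OpenSearch filter: exact srcip AND exact service."""
    return [
        ev for ev in map(parse_fortigate, lines)
        if ev.get("srcip") == srcip and ev.get("service") == service
    ]


def opensearch_query(srcip: str, service: str) -> dict:
    """Query body for POST <index>/_search that mirrors match_events().

    Assumes default dynamic mapping, so exact matches go against the .keyword
    subfields; a term query on the analyzed text field "service" would look for
    the lowercased token and silently miss "RDP".
    """
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {"srcip.keyword": srcip}},
                    {"term": {"service.keyword": service}},
                ]
            }
        }
    }


if __name__ == "__main__":
    print("events without srcip/dstip:", events_missing(SAMPLE_LOGS))
    print("local RDP hits from 192.168.20.9:", len(match_events(SAMPLE_LOGS, "192.168.20.9", "RDP")))
    print("query body:", opensearch_query("192.168.20.9", "RDP"))
```

If the local parser finds the event but the same query against the index returns nothing, the gap is between Logstash and OpenSearch (pipeline errors, a rejected document, or a field-name mismatch in the filter) rather than in the source logs; if the parser also lacks the field, the Fortigate event type simply does not carry it.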