Hello, I would like to ask whether there is any update on documenting the data ingestion methodology for SA?
I’m not sure whether I have to keep using Elastic products like Winlogbeat for Windows and AD, Logstash with the syslog plugin for Network, WAF, and Logstash with the netflow plugin for NetFlow.
Any other ideas for this kind of ingestion method? For example, by using Data Prepper? However, it does not seem to support syslog or netflow. Or installing the OpenTelemetry Collector on Windows to collect Windows metrics?
Any successful ingestion case here?