Hi all, I was starting to explore attaching the output from osquery/Fleet to ELK, and was working through this guide: https://jordanpotti.com/2018/02/16/elk-osquery-kolide-fleet-love/ Unfortunately it seems a bit out of date so the results I’m getting aren’t quite right. I don’t suppose anyone has explored this more recently and could point me in the right direction?

You can check out how I connect everything in https://github.com/dactivllc/osquery-in-a-box.

nice @zwass do you have any particular Kibana config to share from that too? Dashboards/visualisations for example.

I do have some docs on a perf dashboard: https://dactiv.llc/blog/build-osquery-performance-dashboard/

interesting, thanks! I’ll give it a read to see what I can learn from it.