Cisco ASA Firewall Message Ingestion

I’m going to preface this by saying that I’m incredibly new to opendistro and Elastic in general. So please chalk up any misconception I may have to that.

The question I have, which I first asked at the meet-up meeting a few weeks back, is around ingestion of log messages from Cisco ASA firewalls. We are looking to migrate from Splunk over to opendistro and I discovered that the pre-configured ingestion with Filebeat for ASA logs from Elastic is part of the X-Pack features. So not compatible with opendistro…

Before we dive into creating our own ingestion pipeline for processing these messages from scratch, I was hoping to see if anyone had already started this work. Based on feedback at the meetup we are thinking that extracting and mapping fields to the Elastic Common Schema would be the right way to go, but we would prefer not to re-invent the wheel if possible.
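As an added illustration of the "extract and map to ECS" approach (this is not code from the original post, from Elastic, or from opendistro), the small Python mapper below parses two common ASA syslog messages, 302013 (connection built) and 106023 (access-group deny), into flat ECS-style field names. The sample log lines are constructed, and the `event.action` values are my own choice rather than an official mapping.

```python
"""Minimal Cisco ASA syslog -> ECS field mapper (added example, not a project's code)."""
import re
from typing import Optional

# Optional syslog PRI, optional BSD timestamp and host, then "%ASA-<sev>-<msgid>: <body>".
HEADER = re.compile(
    r"^(?:<\d+>)?(?:\S+\s+\d+\s+[\d:]+\s+)?(?:(?P<host>\S+)\s+)?"
    r"%ASA-(?P<sev>\d)-(?P<code>\d{6}):\s*(?P<body>.*)$"
)
# "<interface>:<ip>/<port>" as written in ASA connection and deny messages.
ENDPOINT = r"(?P<{p}_if>[^:\s]+):(?P<{p}_ip>[\d.]+)/(?P<{p}_port>\d+)"
# 302013: Built outbound TCP connection <id> for outside:ip/port (ip/port) to inside:ip/port (ip/port)
BUILT = re.compile(
    r"Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection (?P<conn>\d+) for "
    + ENDPOINT.format(p="src") + r" \([\d.]+/\d+\) to "
    + ENDPOINT.format(p="dst") + r" \([\d.]+/\d+\)"
)
# 106023 (tcp/udp form): Deny tcp src outside:ip/port dst inside:ip/port by access-group "name" [...]
DENY = re.compile(
    r"Deny (?P<proto>tcp|udp) src " + ENDPOINT.format(p="src")
    + r" dst " + ENDPOINT.format(p="dst") + r' by access-group "(?P<acl>[^"]+)"'
)


def asa_to_ecs(line: str) -> Optional[dict]:
    """Return flat ECS-style fields for an ASA line, or None if it is not an ASA message."""
    m = HEADER.match(line)
    if not m:
        return None
    ecs = {"event.code": m["code"], "event.severity": int(m["sev"]),
           "event.original": line, "observer.vendor": "Cisco", "observer.product": "ASA"}
    if m["host"]:
        ecs["observer.hostname"] = m["host"]
    # Message-specific parsers; unknown message ids keep only the header fields.
    for pat, action in ((BUILT, "connection-started"), (DENY, "denied")):  # action names are assumed
        d = pat.match(m["body"])
        if d:
            ecs.update({
                "event.action": action,
                "network.transport": d["proto"].lower(),
                "source.ip": d["src_ip"], "source.port": int(d["src_port"]),
                "destination.ip": d["dst_ip"], "destination.port": int(d["dst_port"]),
                "observer.ingress.interface.name": d["src_if"],
                "observer.egress.interface.name": d["dst_if"],
            })
            if action == "denied":
                ecs["rule.name"] = d["acl"]
            break
    return ecs
```

A real pipeline would emit these as nested ECS objects (`source: {ip: ..., port: ...}`) and add parsers for the other message ids you care about; the header regex already carries the `event.code` needed to route them.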