Install Snort 3.0/Snort++
Viewing posts for the category Elasticsearch
When Elasticsearch is not stopped properly, we sometimes get a cluster status of RED because active shards are below 50%. Even after waiting a few hours, the shards cannot recover to more than 50%.
Map view in Kibana is very handy!