In Splunk, it is possible to detect tampering of logs. Splunk will take an event at ingestion time and create a hash value based on the event and your certificates/keys. You can then write searches that will re-hash the event to be compared to the original to indicate if anything has changed. We need something like that.
How is that possible with elasticsearch? -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3b724745-88ac-4484-9d21-284ec28697a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
