Logging Issue as soon as I deploy velo on 2.3.90 #7

Open
Xboarder56 opened this issue Dec 17, 2021 · 2 comments

Comments

@Xboarder56

Xboarder56 commented Dec 17, 2021

I'm pretty sure the velo deployment is the root cause. I took a snapshot prior to deployment, but shortly after deploying velo on a clean SO instance all my logs stopped working in the elastic/SOC dashboard, including hunt. I'm not entirely sure of the cause. so-status shows green, and I made a ticket over on the discussion forums there when it first happened after an upgrade.

Velo installs and works correctly, but the remaining Security Onion stack has issues. I'm thinking either Logstash or Elastic (not familiar enough with how it all integrates).

@weslambert
Owner

Thanks for reporting! This is probably because the manager or search pipeline is failing (pipeline will fail, but Logstash will still be running and show as OK). It's likely something to do with the Logstash configuration. I'll take a look.

@Bal33p

Bal33p commented Jan 18, 2022

I am experiencing the same issue.
Installing VR blew away all of my third-party Filebeat firewall settings, then would break the minion.
I finally got it installed, and now none of my indexes show data in SOC since the day I installed it back on 1/14/22.
