Documentation needs updating #420
Description
I'm currently creating an index template per dataset, which includes both component templates.
For example, index template logs-endpoint.alerts-<customer>.<class> includes both component templates logs-endpoint.alerts@package and logs-endpoint.alerts@custom.
I've had some errors while adding and I've been going through the integration documentation for Endpoint and there's something I believe is incomplete.
For the data type logs, according to the documentation, we have the following datasets:
alerts
file
network
...
What I see in my Elastic cluster though, is that the index templates and their index patterns are not exactly like this. They're more like:
alerts -> alerts
file -> events.file
library -> events.library
network -> events.network
...
It also seems events.api is missing here as well.
I think an update of the documentation is needed here to show the real datasets used here.