StamusNetworks
dashboard names not found (+ instead of %20)
Hi,
Due to the spaces in the name of the dashboards, they cannot be found in the most recent version of kibana (i believe its 5.5)
Additionally, it would be really awesome if the index names could be adjusted easily ;)
Thanks!
Indeed.We will upgrade the naming soon. I just need to finish confirming the tests complete ok.
Thanks!
What I also notice is that the geoip.location fields are converted from geo_point tot number (float) which results in a broken GeoMap in most scenarios. Im using filebeat to transport my eve.json log into elasticsearch.
Is that index side or elsewhere?
2017-05-17 15:03 GMT+02:00 Peter Manev [email protected]:
Indeed.We will upgrade the naming soon. I just need to finish confirming the tests complete ok.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/StamusNetworks/KTS5/issues/1#issuecomment-302083379, or mute the thread https://github.com/notifications/unsubscribe-auth/AGA5zg_cAnjwJzXYJvG7ifYRrh1jNw4uks5r6vAngaJpZM4NdxDZ .
I have updated the git master with a fix for the naming - please feel free to try out and feedback. GeoIP maps seem to work in my case. There is a template in /etc/logstash/ that is used. I also just updated the SELKS4 dev branch here - https://github.com/StamusNetworks/SELKS/tree/SELKS4-dev
I don't use that. I have several stand alone clients that require filebeat. (Hence why I like toto be able to change the index name)
I'll check on the logstash samples. It will probably be a booboo on my end...
Op 17 mei 2017 5:04 p.m. schreef "Peter Manev" [email protected]:
I have updated the git master with a fix for the naming - please feel free to try out and feedback. GeoIP maps seem to work in my case. There is a template in /etc/logstash/ that is used. I also just updated the SELKS4 dev branch here - https://github.com/StamusNetworks/SELKS/tree/SELKS4-dev
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/StamusNetworks/KTS5/issues/1#issuecomment-302119713, or mute the thread https://github.com/notifications/unsubscribe-auth/AGA5zvMZIJ3Bx4xp82LE7nsgkK6Uor4Yks5r6wx_gaJpZM4NdxDZ .
I meant to say -- i upgraded the s3-s4 script in master - https://github.com/StamusNetworks/SELKS/commit/d2f8d2c74c20b9b19878a4a0d995f8ff3cff44b1 so you could look there too and see if it would be of help.
The load.sh file fails right now due to a strange single quote in the Curl command: curl -H '"Content-Type:' 'application/json"' -XPOST 'http://127.0.0.1:9200/.kibana/index-pattern/logstash-alert-' -d '@dashboards/index-pattern/logstash-alert-.json'
right after content-type: the 2 quotes make the curl request fail.
@ geo_point: From all of the documentation i'm reading, it could be caused due to the absence of a template json for the indices. Apparently filebeat loves to overwrite the default set stuff. Fixing it with a template in elasticsearch should do the trick.
@myrinx - ok noted - thanks for testing and the feedback! The load script should be fixed in the latest git master. Also added a template in the upgrade/iso creation git trees for testing the SELKS4 upgrade/ISO creation. Please let me know of any feedback.