
Fields for ES data storage?

Open · scurvy opened this issue 8 years ago · 1 comment

What's the expected format or field names for ElasticSearch integration? We're using heka to parse eve.json and throw it directly into ES 1:1 based on JSON key names. I'm having some issues getting the ES integration to work in Scirius and would appreciate some guidance here. Scirius shows a green tile for ElasticSearch and can see all of the indices. However, it cannot display any of the event data.

scurvy · Feb 09 '17 23:02

Hi,

Can you describe your setup in a bit more detail? In general there is no expected format - it is natively parsing JSON.

Have you changed the hostname of the box that runs Scirius - https://github.com/StamusNetworks/SELKS/wiki/Initial-Setup---HOSTNAME ?

Thanks

> On Fri, Feb 10, 2017 at 12:53 AM, Richard Hesse wrote:
> [quoted text of the original issue, as above]

--
Regards,
Peter Manev

pevma · Feb 10 '17 08:02