
Fields in Kibana dashboard not in exported CSV

Open Sakorah opened this issue 4 years ago • 5 comments

Hi,

I have parsedmarc up and running, and I now get the data in the CSV files and ingest these further into Elasticsearch. I tried to use the provided Kibana dashboards, but the fields in the visualisations do not match the fields available in the CSV.

Some fields are missing, like: message_count, passed_dmarc, date_range

Where do these values come from?

Sakorah avatar Mar 08 '21 15:03 Sakorah

Some fields are missing, like: message_count, passed_dmarc, date_range

Did you manage to find a fix for that? I have the same issue at the moment.

Ejento avatar Dec 29 '21 10:12 Ejento

Unfortunately not, but I didn't have time to investigate this further.

Sakorah avatar Dec 29 '21 10:12 Sakorah

The Kibana dashboards are based on data sent to Elasticsearch directly by the parsedmarc script, not by ingesting the CSV, which uses different fields.

seanthegeek avatar Dec 29 '21 11:12 seanthegeek

Alright, I thought that the output to CSV/JSON has the same content as to Elasticsearch, but that's not the case, is it? Is the output to Splunk the same as to ES? Because I cannot directly connect any client to ES, I need to run all incoming events through Logstash.

Sakorah avatar Dec 29 '21 11:12 Sakorah

The JSON should be the same

seanthegeek avatar Jan 05 '22 13:01 seanthegeek