mliu1212
What is the logstash.config file that you use for these dashboards? I tried a modified version from https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output but Kibana (4.6) only seems to find the logstash-* index - I...
Thanks, I will try that out. Quick question - is your input file not coming from Suricata eve.json? I noticed you are using Beats.
Ah, so your Filebeat configuration has the eve.json as the input, and Logstash as the output?