Lucjan Modzel

Hi, Yes, you're right. In fact the sample file consists of two separate JSON documents joined together. You can split it on line 61 and verify separately both part against...

Make sure you use appropriate parameters for your log (e.g. json format of modsecurity version). You can try to run on smaller subset of log. E.g. limit modsec_audit.log to first...

Sorry for late reply but I haven't got any file and thought that problem was connected with the file. I noticed that you used incorrect parameters. Please use the following...

Ahh, haven't noticed ValuError before. Try to replace line from modsecurity_parser.py from: ` LOG_TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S %z' ` to following one: ` LOG_TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S.%f %z' `

Seems that from version 9.3 SonarQube added native support for Prometheus metrics for all editions. https://www.sonarqube.org/sonarqube-9-3/ You can find details here: https://docs.sonarqube.org/latest/instance-administration/monitoring/ Check endpoint /api/monitoring/metrics

1. There is an error in instruction it should be: cat filebeat/etc/fields.yml >> /etc/filebeat/fields.yml 2. If still there are errors I suggest to use elk stack 7.3 or 7.8 3....

I think the problem is with newest matplotlib. Can you check if you are using recommended versions of python packages? You can always try to use docker version

Can you provide me command line options you used? For the first time when error was generated and when it works? I will add it to test cases.

Well, json output for modsecurity3 is much different than modsecurity3. Current parser doesn't work for version3 + json output. I am going to implement this case soon.

There is a part in pipeline which gets IP address for destination and transform it into geoip fields. Usually the problem happens when filebeat instance already sent something to store...