Jas
[logs-from-kafka.txt](https://github.com/Cyb3rWard0g/HELK/files/5740371/logs-from-kafka.txt)

Attaching logs from here:

```
kafkauser@e71f29748d57:~/scripts$ /opt/helk/kafka/bin/kafka-console-consumer.sh --bootstrap-server helk-kafka-broker:9092 --topic zeek
```
This is exactly what I am doing: saving the Zeek logs as JSON and using Filebeat to send them to Kafka. Let me check the "message" field.
@jibsonline Using your config I get this error. Am I missing something?

```
Installed /usr/lib/python2.7/site-packages/croniter-0.3.37-py2.7.egg
Searching for configparser>=3.5.0
Reading https://pypi.org/simple/configparser/
Downloading https://files.pythonhosted.org/packages/3f/e7/9518720c56396179f8c63d7b5924c8463ed423828e54329be7f8cde5c364/configparser-5.0.1.tar.gz#sha256=005c3b102c96f4be9b8f40dafbd4997db003d07d1caa19f37808be8031475f2a
Best match: configparser 5.0.1
Processing configparser-5.0.1.tar.gz
Writing /tmp/easy_install-DYi9wW/configparser-5.0.1/setup.cfg...
```