[Bro] bro elasticsearch plugin + kibana indexing

Daniel Guerra daniel.guerra69 at gmail.com
Sun Mar 5 04:28:46 PST 2017


It does work. You have to send data first.
Can you show your json output ?

> On 05 Mar 2017, at 11:22, Alex Kefallonitis <al.kefallonitis at gmail.com> wrote:
> 
> I do: patch src/ElasticSearch.cc ./ElasticSearch.cc.patch; ./configure && make && make install. Load the bro elasticsearch script and restart bro, open kibana.
> 
> 2017-03-05 12:14 GMT+02:00 Alex Kefallonitis <al.kefallonitis at gmail.com>:
> I try the patch too but still no timestamp appears. I am using ELK 5.2.2.
> 
> 2017-03-05 10:27 GMT+02:00 Daniel Guerra <daniel.guerra69 at gmail.com>:
> Try this
> 
> https://github.com/danielguerra69/bro-debian-elasticsearch/blob/master/bro-patch/ElasticSearch.cc.patch
> 
> 
> > On 05 Mar 2017, at 02:57, Alex Kefallonitis <al.kefallonitis at gmail.com> wrote:
> >
> > ELK + Kibana not indexing bro logs
> >
> > Successfully installed the plugin and ELK, but when I add the index bro-*, the index time field (@timestamp) appears empty, so I cannot use bro logs with kibana search. Anyone have the same issue?
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

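As an added illustration (not code from this thread or from the linked patch), the check Daniel is asking for: take one Bro JSON log line, derive a date-typed @timestamp from its ts field, and confirm the field is non-empty before indexing. The sample record is constructed and assumes Bro's default JSON logging, which writes ts as epoch seconds.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one conn.log record in JSON form. Field names follow
# Bro's conn.log; the values are made up. Bro's JSON logs write "ts" as
# epoch seconds, which Kibana will not treat as a date by itself.
SAMPLE_LINE = (
    '{"ts": 1488709366.123456, "uid": "CHhAvVGS1DHFjwGM9", '
    '"id.orig_h": "10.0.0.5", "id.orig_p": 51234, '
    '"id.resp_h": "10.0.0.9", "id.resp_p": 9200, "proto": "tcp"}'
)


def to_es_doc(line: str) -> dict:
    """Parse one Bro JSON log line and add an ISO 8601 ``@timestamp``.

    Kibana's index pattern needs a date-typed time field; a document whose
    ``@timestamp`` is missing or empty is exactly the symptom in the thread.
    Records that cannot be dated raise ValueError instead of producing an
    undated document that time-based views would silently hide.
    """
    rec = json.loads(line)
    ts = rec.get("ts")
    if not isinstance(ts, (int, float)):
        raise ValueError(f"record has no numeric ts: {ts!r}")
    stamp = datetime.fromtimestamp(ts, tz=timezone.utc)
    iso = stamp.isoformat(timespec="milliseconds")
    rec["@timestamp"] = iso.replace("+00:00", "Z")
    return rec


def has_time_field(doc: dict) -> bool:
    """The check to run on your own JSON output before blaming Kibana."""
    return bool(doc.get("@timestamp"))


if __name__ == "__main__":
    doc = to_es_doc(SAMPLE_LINE)
    print(json.dumps(doc, indent=2))
    print("time field present:", has_time_field(doc))
```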