Do you have any HTTP events with type: http in the packetbeat index? Have you check any flows with supposed HTTP port numbers exist? Have you tried to reload the index in kibana?
Does packetbeat gets to see actual unencrypted HTTP traffic? You can a dump all packets being processed by packetbeat into a pcap file for inspection with wireshark (I can't recall the CLI flag right now, just run packetbeat with -h). Enabling debug logging (-d '*') will print potential errors if HTTP parsing/processing fails.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.