I'm working with Filebeat and Cisco Module in a Lab. I am ingesting data from Cisco AMP, everything work as expected , but I getting this error in Filebeat logs.
Weird. What version of filebeat? That error arises when you only put the FQDN in the url field without the scheme, http:// or https://. Based on what I can see you have a good url. But to be safe, can you post your config?
filebeat version 7.13.2 (amd64), libbeat 7.13.2 [686ba416a74193f2e69dcfa2eb142f4364a79307 built 2021-06-10 21:04:13 +0000 UTC]
Cisco module configuration cisco.yml
- module: cisco
asa:
enabled: false
ftd:
enabled: false
ios:
enabled: false
nexus:
enabled: false
meraki:
enabled: false
umbrella:
enabled: false
amp:
enabled: true
# Set which input to use between httpjson (default) or file.
var.input: httpjson
# The API URL
var.url: https://api.amp.cisco.com/v1/events
# The client ID used as a username for the API requests.
var.client_id: "xxx"
# The API key related to the client ID.
var.api_key: "xxxx"
# How far to look back the first time the module is started. Expects an amount of hours.
var.first_interval: 26280h
# Overriding the default request timeout, optional.
var.request_timeout: 300s
var.interval: 5m
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.