Hello team,
I am using Elastic Stack 5.2.2, I have been able to parse logs from Suricata to Logstash and Elasticsearch which displays in the Kibana Discover page as seen below:
But whenever I go to the Dashboard tab and insert the Visualization I want, I do not get any data found or showing.
Please can you kindly help me resolve this or tell me what to do 
I have been on this setup for nearly 3 days now... 
Hi @D3epDiv3r First Version 5.2 is soooo Old and EOL you are probably not going to get much help
Elastic Stack on 8.5.1. and this would probably all work out OOTB for you using the suricata module
If you are just getting started with Elastic this would be a much better option / approach
But the little help I can offer... because you did not show any details
You parsed the data in Logstash?, where did you get the dashboards and mappings?
Did you create a template / mapping?
Most likely the Dashboards are not using the same fields / field names / field types.. that you mapped ... so if you open / edit one of the visualizations you should be able to see that.
Maybe it is not even using the correct index?
Most likely you did not create a mapping so the fields are using the default mapping which creates 2 types a text and a keyword type and the visualization is not looking at the right fields.
Example your
stats.decode.bytes
really probably is a multi-field
stats.decode.bytes which is of type text <!--- Probably what the viz is looking for but is the wrong type.
and
stats.decode.bytes.keyword which is of type keyword which is probably the right type but not what this viz is looking for
Me I would get up to date 8.5.1 and use the filebeat module direct to Elasticsearch
Use the quick start for modules and get this all running much faster.
Hey yeah, the issue was with the map and timelines, I had to parse new logs to logstash and max the timeline to 5 years then it showed the data needed! Thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
