Dashboard with a mix of filebeat/packet indices

Rodrigo_Jimenez · August 22, 2018, 8:07pm

Hi!
Recently we had an issue with an app. This app is deployed on a server with filebeat and packetbeat configured. This means that the error log of this app is shipped to an index and packetbeat to another.
I wanted to create a dashboard that would let me see the errors and traffic generated by this problematic app. The problem that I see with a dashboard with visualization from different indices is that I cant apply filters without breaking half of my data.
Say that I want to filter only HTTP packetbeat data; I would click the field showing packetbeat data and that would work, but! would show no docs from the filebeat index (since no protocol or port field would exist)

I don't think that the filebeat should contain traffic related fields, and.. viceversa.

Any idea of which could be the right approach for this issue...?

Thanks!

spalger · August 23, 2018, 2:40pm

Unfortunately there isn’t any way to do this, but I know there is a good amount of work going on behind the scenes to make this possible. Track https://github.com/elastic/kibana/issues/5647 for updates.

Rodrigo_Jimenez · August 23, 2018, 2:53pm

Ok, I did my +1's
Thanks!

system · September 20, 2018, 2:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Packetbeat Dashboard Help Beats packetbeat	2	733	November 26, 2018
Kibana Visualisation and Dashboard Issue Kibana	5	463	April 17, 2018
Filebeat index exists but Dashboard says no Kibana	4	366	March 31, 2020
Flows dashboard unexpected behaviour Beats packetbeat	1	331	April 25, 2019
Kibana: What's Next? Kibana	5	5541	May 12, 2017

Dashboard with a mix of filebeat/packet indices

Related topics