Discover Can't Show data (Panw Module Filebeat)

Xenial · January 14, 2022, 4:15pm

Hi All,

I've configured the ELK system for monitoring Palo Alto Log using Filebeats Modules PANW.

i check the data index management is real time counting and grow, but when i go to Discover not showing any data.

IndexPattern

Index Management

Thankyou All

stephenb · January 14, 2022, 4:39pm

@Xenial welcome to the community!

Go To Discover Select filebeat-* index pattern and increase the time range to say last 30 days.

Do you see anything?

Xenial · January 17, 2022, 11:38am

Hello @stephenb , thankyou for your respond.

Today i've check my server, now data from Palo Alto log show on discover.
But i see the timestamp is wrong, timestamp not same in the real Time.

Time Stamp

Note: Redline is the real time on my country

stephenb · January 18, 2022, 4:26pm

What is your setting here.

NOTE :

All Date Fields are stored and UTC in Elasticsearch, however they can be ingested improperly if the original message / ororiginating system does not include / have the proper timezone
Date / Timestamp fields are displayed in Kibana according to the browser timezone setting (default)

Xenial · January 19, 2022, 6:49am

Thankyou Very Much @stephenb , now my data from module PANW looks great.

Thankyou

system · February 16, 2022, 6:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ELK 6.7.0. Kibana doesn't show real time data Kibana	4	578	June 10, 2019
Not able to see latest logs in discover in kibana Kibana	11	3490	January 5, 2021
Documents not showing up in Discover, but are showing up in queries in Dev Tools Kibana	11	1474	September 1, 2022
Both Visualization tools and discover tab are showing nothing Kibana discover	3	33	July 15, 2024
Elasticsearch not showing data to Kibana on Centos 8 Elasticsearch	9	852	November 4, 2020