Do you know how to solve this in logs?

I got this in the Kibana logs.
How do I fix it so the Kibana logs can work?

failed to format message from /var/log/suricata/eve.json

Can you post the whole error message? This is very vague right now.


That looks like part of the Logs UI. I guess you're ingesting logs from Suricata with Filebeat. It looks like a Filebeat processing error. You need to check what processor it's using and figure the errors out from there. There should be more info in the Filebeat error logs.

I am using the Suricata module on Filebeat:

filebeat modules enable suricata

What is in the Filebeat logs? You have to start there. This is not a Kibana issue; Kibana only displays data, and that's the data Filebeat ingests when there's an error. Make sure the configurations are OK and that the Suricata logs are in the default place (otherwise you can specify another one in the Filebeat configs).

When not enabling Suricata, it looks like this,
but when activating Suricata, it's like this again.
