Domain name missing in Http fields in packetbeat

(Tarunsapra) #1


I am using Packetbeat for network monitoring. In the JSON output of HTTP requests, I noticed that with HTTP sniffing the fields only contain JSON data like:

    "method": "GET",
    "params": "",
    "path": "/news/xyzabc",

The query (GET /news/xyzbc), the response time, and the server IP are provided in the output, but I can't find a domain name field. Am I missing something here, or is this the expected output? Without the domain name it would be hard to create graphs in Kibana showing the sites visited. Thanks.

(Andrew Kroh) #2

Hi @tarunsapra,

The domain name is sent in an HTTP request as the "Host" header. So you must enable this in your configuration. See Domain name missing in Http fields in packetbeat.

    ports: [80, 8080, 8000, 5000, 8002]
    send_headers: ["Host"]

(Nile Black) #3

Why did I get just the IP, not the domain?

(Andrew Kroh) #4

Please start a new thread for your issue.
