Domain name missing in Http fields in packetbeat

tarunsapra · September 30, 2015, 3:16pm

Hi,

I am using packetbeat for network monitoring, in the JSON o/p of http requests I noticed that in the Http sniffing, the fields only contain the json data like -

           "method": "GET",
           "params": "",
           "path": "/news/xyzabc",

The query (GET /news/xyzbc) and Response time as well as the server IP is provided in the output but I can't find the field domain name. Am I missing something here or is it the expected output? As without domain name it would be hard to create graphs in Kibana for showing the sites visited. Thanks.

andrewkroh · September 30, 2015, 6:59pm

Hi @tarunsapra,

The domain name is sent in an HTTP request as the "Host" header. So you must enable this in your configuration. See Domain name missing in Http fields in packetbeat.

protocols:
  http:
    ports: [80, 8080, 8000, 5000, 8002]
    send_headers: ["Host"]

nile_black · March 7, 2016, 3:06pm

why i got just IP, not domain?

andrewkroh · March 7, 2016, 3:35pm

Please start a new thread for your issue.