Domain name missing in Http fields in packetbeat

tarunsapra · September 30, 2015, 3:16pm

Hi,

I am using packetbeat for network monitoring, in the JSON o/p of http requests I noticed that in the Http sniffing, the fields only contain the json data like -

           "method": "GET",
           "params": "",
           "path": "/news/xyzabc",

The query (GET /news/xyzbc) and Response time as well as the server IP is provided in the output but I can't find the field domain name. Am I missing something here or is it the expected output? As without domain name it would be hard to create graphs in Kibana for showing the sites visited. Thanks.

andrewkroh · September 30, 2015, 6:59pm

Hi @tarunsapra,

The domain name is sent in an HTTP request as the "Host" header. So you must enable this in your configuration. See Domain name missing in Http fields in packetbeat.

protocols:
  http:
    ports: [80, 8080, 8000, 5000, 8002]
    send_headers: ["Host"]

nile_black · March 7, 2016, 3:06pm

why i got just IP, not domain?

andrewkroh · March 7, 2016, 3:35pm

Please start a new thread for your issue.

Topic		Replies	Views
Dns log parsing and display in Kibana Beats packetbeat	3	481	August 26, 2020
Packetbeat agent not returning HTTP fields Beats packetbeat	2	828	September 14, 2017
Missing some fields in some document Beats beats-module , packetbeat	3	345	September 27, 2023
Cannot get all fields in Kibana Beats packetbeat	4	838	July 8, 2017
Packetbeat 5.0 doesn't export http traffic or Kibana doesn't display it Beats packetbeat	3	749	December 30, 2016

Domain name missing in Http fields in packetbeat

Related topics