Domain name missing in Http fields in packetbeat

Hi,

I am using packetbeat for network monitoring, in the JSON o/p of http requests I noticed that in the Http sniffing, the fields only contain the json data like -

           "method": "GET",
           "params": "",
           "path": "/news/xyzabc",

The query (GET /news/xyzbc) and Response time as well as the server IP is provided in the output but I can't find the field domain name. Am I missing something here or is it the expected output? As without domain name it would be hard to create graphs in Kibana for showing the sites visited. Thanks.

1 Like

Hi @tarunsapra,

The domain name is sent in an HTTP request as the "Host" header. So you must enable this in your configuration. See Domain name missing in Http fields in packetbeat.

protocols:
  http:
    ports: [80, 8080, 8000, 5000, 8002]
    send_headers: ["Host"]
1 Like

why i got just IP, not domain?

Please start a new thread for your issue.