I am following this tutorial and trying to send tshark captures to ELK.
https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
I am required to create an Elasticsearch mapping but am confused as to what this is. Does this mean to create an index template like the one below?
packets-index_pattern.json
PUT _template/packets
{
  "template": "packets-*",
  "mappings": {
    "pcap_file": {
      "dynamic": "false",
      "properties": {
        "timestamp": {
          "type": "date"
        },
        "layers": {
          "properties": {
            "frame": {
              "properties": {
                "frame_frame_len": {
                  "type": "long"
                },
                "frame_frame_protocols": {
                  "type": "keyword"
                }
              }
            },
            "ip": {
              "properties": {
                "ip_ip_src": {
                  "type": "ip"
                },
                "ip_ip_dst": {
                  "type": "ip"
                }
              }
            },
            "udp": {
              "properties": {
                "udp_udp_srcport": {
                  "type": "integer"
                },
                "udp_udp_dstport": {
                  "type": "integer"
                }
              }
            }
          }
        }
      }
    }
  }
}
So far I have created a file called packets-index_pattern.json and tried to upload it to Elasticsearch using the command below; however, I get an error saying status 400 curl: (6) could not resolve host: Content-Type
curl -XPUT 'localhost:9200/_template/packets-?pretty' -H 'Content-Type: application/json'
Any help gladly accepted.
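An added example (not from the question or the Elastic blog post) that shows what this mapping does in practice: it flattens the template's field definitions, reports which fields of a packet document the mapping does not cover (with "dynamic": "false" those are stored but not indexed, so they are not searchable in Kibana), and builds the PUT request with the JSON body and Content-Type header the upload needs. The template dict is the one from the question; the sample packet document is constructed.

```python
import json
import urllib.request

# The template from the question, as a Python dict
TEMPLATE = {"template": "packets-*", "mappings": {"pcap_file": {
    "dynamic": "false", "properties": {
        "timestamp": {"type": "date"},
        "layers": {"properties": {
            "frame": {"properties": {"frame_frame_len": {"type": "long"},
                                     "frame_frame_protocols": {"type": "keyword"}}},
            "ip": {"properties": {"ip_ip_src": {"type": "ip"},
                                  "ip_ip_dst": {"type": "ip"}}},
            "udp": {"properties": {"udp_udp_srcport": {"type": "integer"},
                                   "udp_udp_dstport": {"type": "integer"}}}}}}}}}

def mapped_fields(props, prefix=""):
    # Dotted paths of every leaf field in a mappings 'properties' tree
    out = set()
    for name, spec in props.items():
        if "properties" in spec:
            out |= mapped_fields(spec["properties"], prefix + name + ".")
        else:
            out.add(prefix + name)
    return out

def doc_fields(doc, prefix=""):
    # Dotted paths of every leaf value in a document
    out = set()
    for name, value in doc.items():
        if isinstance(value, dict):
            out |= doc_fields(value, prefix + name + ".")
        else:
            out.add(prefix + name)
    return out

def unmapped_fields(doc, template, doc_type="pcap_file"):
    # With "dynamic": "false" these fields are stored but not indexed,
    # so they cannot be searched, filtered or aggregated in Kibana.
    props = template["mappings"][doc_type]["properties"]
    return sorted(doc_fields(doc) - mapped_fields(props))

def build_put_request(template, name="packets", host="localhost:9200"):
    # PUT /_template/<name> with a JSON body and the Content-Type header
    req = urllib.request.Request("http://%s/_template/%s" % (host, name),
        data=json.dumps(template).encode("utf-8"), method="PUT")
    req.add_header("Content-Type", "application/json")
    return req  # urllib.request.urlopen(req) sends it to a running cluster

# Constructed sample document in the shape tshark -T ek emits (not real traffic)
SAMPLE_DOC = {"timestamp": "1546300800000", "layers": {
    "frame": {"frame_frame_len": "60", "frame_frame_protocols": "eth:ip:udp:dns"},
    "ip": {"ip_ip_src": "10.0.0.1", "ip_ip_dst": "10.0.0.53", "ip_ip_ttl": "64"},
    "udp": {"udp_udp_srcport": "5353", "udp_udp_dstport": "53"},
    "dns": {"dns_dns_qry_name": "example.com"}}}
```

Run `unmapped_fields(SAMPLE_DOC, TEMPLATE)` against documents from your own capture to see which tshark fields you still need to add to the mapping before they become searchable.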