Empty DNS Fields and Tables in Network View

pepperhat · July 25, 2019, 4:11pm

I have working with the new SIEM module in 7.2 and have been consuming Suricata data with the filebeat module. When reviewing the data in the SIEM view, some fields and tables are empty, where I would expect data to show up.

We have quite a bit of DNS traffic being analyzed by Suricata, and this data shows up in other sections of Kibana. Please let me know if there are troubleshooting steps I can take to resolve this, or if I'm misunderstanding what data should be in these fields.

Thanks!

cwurm · July 30, 2019, 8:21am

Hi @pepperhat - the Filebeat Suricata module does not fill most of these fields. I don't think DNS logs from Suricata contain things like packets and bytes?

system · August 27, 2019, 8:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat module's fields in SIEM columns SIEM	2	427	April 2, 2021
No data in suricata dashboard Beats filebeat	7	514	February 20, 2024
Zeek dns logs show only as zeek.notice leaving dns fields empty SIEM beats-module	1	980	December 11, 2019
The suricata results shown on the [filebeat dashboard] are different from the results shown in the [security -> alerts] on kibana SIEM	2	50	October 29, 2024
Empty column "Last failed source" Kibana	5	289	April 10, 2020

Empty DNS Fields and Tables in Network View

Related topics