Empty DNS Fields and Tables in Network View

pepperhat · July 25, 2019, 4:11pm

I have working with the new SIEM module in 7.2 and have been consuming Suricata data with the filebeat module. When reviewing the data in the SIEM view, some fields and tables are empty, where I would expect data to show up.

We have quite a bit of DNS traffic being analyzed by Suricata, and this data shows up in other sections of Kibana. Please let me know if there are troubleshooting steps I can take to resolve this, or if I'm misunderstanding what data should be in these fields.

Thanks!

cwurm · July 30, 2019, 8:21am

Hi @pepperhat - the Filebeat Suricata module does not fill most of these fields. I don't think DNS logs from Suricata contain things like packets and bytes?

system · August 27, 2019, 8:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.