I have the following code under the Correlation event tab in Kibana:
sequence by @timestamp
[packetbeat
where http.response.body.content == "*"
and network.direction == "*"]
[filebeat
where nginx.access.response_code == "*"
and nginx.access.geoip.country_name == "*"]
The query looks OK, but no results are given back when testing.
Any help, please?
I mean, if it's something that I am doing extremely wrong, then please tell me and I will try and correct it.
Just checking: with by @timestamp, do you expect these events to be logged with exactly the same timestamp?
Also, the == "*": do you expect this exact content, or are those placeholders for some other values? It's not acting as a wildcard.
Do you have example of docs that should match that query?
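As an added example (not part of the original thread and not Elastic's own documentation), here is one way the query above could be rewritten so that the two points raised in the reply no longer apply. In EQL, == "*" is an exact match against the one-character string "*", while the : operator does wildcard matching and field != null checks that the field exists at all. Joining on @timestamp only correlates events that carry exactly the same timestamp, so this version joins on a shared field instead, and bounds the sequence with maxspan. It also avoids [packetbeat where ...] and [filebeat where ...], because the value before "where" is matched against event.category, which neither Beat sets to its own name. The example assumes both event sources carry a source.ip field to join on, that the Packetbeat documents have agent.type "packetbeat" and the Filebeat nginx documents have event.dataset "nginx.access", and it keeps the field names from the original query (nginx.access.response_code, nginx.access.geoip.country_name), which may differ between Beats versions.

```eql
// Join the two events on a field both documents share (assumed: source.ip),
// and require the second event within 30 seconds of the first.
sequence by source.ip with maxspan=30s
  // Packetbeat HTTP event: "any" does not filter on event.category;
  // the agent.type check selects Packetbeat documents instead.
  [any where agent.type == "packetbeat"
     and http.response.body.content != null   // field exists, any value
     and network.direction != null]
  // Filebeat nginx access log event, selected by event.dataset.
  [any where event.dataset == "nginx.access"
     and nginx.access.response_code != null
     // ":" is the wildcard operator; "*" matches any non-empty value.
     and nginx.access.geoip.country_name : "*"]
```

If the intent is only to see whether each side matches anything at all, run each bracketed query on its own first (for example `any where agent.type == "packetbeat" and http.response.body.content != null`); a sequence returns nothing unless every step matches, in order, within maxspan, for the same join key.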