Filebeat Module - Umbrella - Parsing not usable Data

elasticband · September 30, 2021, 9:48pm

Hey Everyone,

I have had pretty decent luck with the Filebeat modules, I currently use multiple Cisco ingestions (ASA, FTD, Meraki), and I have the Umbrella information being recognized and parsed; however I really do not see any usable data. It is shows me the file name, path, aws url... but not a whole lot more.

I believe I am on version 5 of the Umbrella DB. Would love anyone comment at what I could start looking at. I am assuming this is working for some of you.

Kibana File look:

Another Kibana look:

system · October 28, 2021, 11:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

jamie.hynds · November 1, 2021, 12:59pm

Hey @elasticband - could you please share your Filebeat logs so we can look for any relevant errors?

@Marius_Iversen could Umbrella v5 be an issue here? Presumably not, but just incase.

Topic		Replies	Views
Filebeat suricata Beats beats-module , filebeat	10	892	June 28, 2022
Filebeat is running fine but no data showing in dashboard Beats filebeat	2	539	October 13, 2020
Filebeat Cisco ASA Module failing to parse Beats filebeat	12	585	December 29, 2020
Cannot get Cisco Filebeat module to work Kibana	14	2153	December 29, 2021
Winlogbeat data missing Beats winlogbeat	6	918	August 18, 2022

Filebeat Module - Umbrella - Parsing not usable Data

Related Topics