Filebeat Module - Umbrella - Parsing not usable Data

elasticband · September 30, 2021, 9:48pm

Hey Everyone,

I have had pretty decent luck with the Filebeat modules, I currently use multiple Cisco ingestions (ASA, FTD, Meraki), and I have the Umbrella information being recognized and parsed; however I really do not see any usable data. It is shows me the file name, path, aws url... but not a whole lot more.

I believe I am on version 5 of the Umbrella DB. Would love anyone comment at what I could start looking at. I am assuming this is working for some of you.

Kibana File look:

Another Kibana look:

system · October 28, 2021, 11:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

jamie.hynds · November 1, 2021, 12:59pm

Hey @elasticband - could you please share your Filebeat logs so we can look for any relevant errors?

@Marius_Iversen could Umbrella v5 be an issue here? Presumably not, but just incase.