Filebeat modules Threatintel "Exiting: module threatintel is configured but has no enabled filesets"

Silver137 · May 6, 2022, 7:42am

I'm trying to activate the threatintel filebeat module for mining some data of otx alienvault, my module configuration looks like:

- module: threatintel
  otx:
    enabled: true
    var.input: httpjson
    var.url: https://otx.alienvault.com/api/v1/indicators/export
    var.api_token:  TOKEN
    var.first_interval: 24h
    var.lookback_range: 2h
    var.interval: 60m

But when trying to setup the module:

./filebeat setup --modules threatintel

Exiting: module threatintel is configured but has no enabled filesets

The module worked well on 7.15.0, now on 8.2 gives me the error above.

ibra_013 · May 6, 2022, 10:36am

Hi,

did you run the command ?

filebeat modules enable threatintel

Silver137 · May 17, 2022, 8:23am

Solved. some modules now not requires run the setup script to work. Works directly executing filebeat and puts the pipelines and templates if not set yet on Elasticsearch.

ryuseongryong · May 18, 2022, 6:10am

hello, I setup my filebeat on kubernetes.

and I need kafka module but still not find references.
and every run returns to me error
"module kafka is configured but has no enabled filesets"

please explain more information, detail

Silver137 · May 19, 2022, 10:33am

It's no the same module, I simple configured my threatintel module as doc says. But i have no idea about kafka module

ryuseongryong · May 20, 2022, 12:47am

thank you. I found the cause my kafka version is latest so module does not support.