I'm using Packetbeat to capture traffic between hosts, as below, with the filter "final=true".
Just downloaded a 2.4 GB file and it indeed appeared in my query for the last 15m, which is good.
But, if I query for the last 4h, my entry does not show up at all any longer, while other hosts that transferred only 500MB, 100MB, etc. appear during the last 4h.
What I expected was to see my entry appearing in 15m, 30m, 1h, and even in 4h, because my 2.4 GB download is supposed to be the heaviest traffic for the last 4h.
Could an expert please explain this behavior so that it'd make sense?
Obviously the data are available in Elasticsearch. Don't think this is related to Beats, but rather to some filters/configs in Kibana.

In Kibana:
1. Use the discovery tool.
2. Set a time range that contains your download.
3. Open one document and select some fields to create a tabular overview (include source.stats.net_bytes_total in this list).
4. Use the tabular view to sort entries by size -> entry should be shown.