How to Change Default Index Pattern on Filebeat dashboards on Kibana

Hi.

I am having a hard time trying to figure this out. I changed the default index name to suricata-ids.

Also, added this line in order to use this new index on the default dashboards.

But still, default dashboards are pointing to filebeat index.

Did you clean out the old dashboards and then run setup again?

Yes, already did that again.

Interesting, this is not working for me either... even when I clean out and run setup.

This seems like a bug... perhaps you could file a bug report.

What I did do, and what you can do as a workaround, is edit the visualization JSONs from the filebeat directory:

kibana/7/dashboard/filebeat-suricata-alert-overview.json
kibana/7/dashboard/filebeat-suricata-event-overview.json

And replace the filebeat-* with your suricata-ids-*.

That seems to work for me. Obviously this is a workaround.

Also, please don't post screenshots of text: some people cannot read them, and they cannot be searched, nor can we cut-n-paste to test.

Note: I asked a question internally as well.
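
The workaround described in the post above, as an added example that is not part of the original thread: a shell function that replaces the index pattern string in the dashboard JSON files and keeps a backup of each file it changes. The function name is hypothetical; the patterns and file names are the ones given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). retarget_dashboards is a hypothetical name.
#
# retarget_dashboards OLD NEW FILE...
#   Replaces every literal OLD with NEW in each FILE and keeps FILE.orig as a backup.
#   Prints the number of files changed; returns non-zero if a FILE is missing.
#
# Usage with the two files named in the thread (run from the filebeat directory):
#   retarget_dashboards 'filebeat-*' 'suricata-ids-*' \
#       kibana/7/dashboard/filebeat-suricata-alert-overview.json \
#       kibana/7/dashboard/filebeat-suricata-event-overview.json
retarget_dashboards() {
    old=$1
    new=$2
    shift 2
    # Escape regex metacharacters so "filebeat-*" is matched literally;
    # an unescaped "*" would be read by sed as a quantifier on "-".
    old_re=$(printf '%s' "$old" | sed 's,[][\.*^$#],\\&,g')
    # Escape the characters that are special in a sed replacement.
    new_re=$(printf '%s' "$new" | sed 's,[\&#],\\&,g')
    changed=0
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        # Skip files that do not reference OLD, so a second run is a no-op
        # and never overwrites the backup with already-edited content.
        grep -qF -- "$old" "$f" || continue
        cp -p -- "$f" "$f.orig"
        sed "s#$old_re#$new_re#g" "$f.orig" > "$f"
        changed=$((changed + 1))
    done
    echo "$changed"
}
```

The `.orig` copies make it easy to diff the change or to restore the shipped dashboards after a Filebeat upgrade replaces the files.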

Thank you!

Problem solved. I will file a bug report.