PS C:\Program Files\Packetbeat> ./scripts/import_dashboards -es http://localhost:9200/
Failed to set the mapping: 400 Bad Request
Created temporary directory C:\Users\Mahe\AppData\Local\Temp\tmp300680327
Downloading https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-5.4.1.zip
Unzip archive C:\Users\Mahe\AppData\Local\Temp\tmp300680327
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\filebeat
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\heartbeat
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\metricbeat
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\packetbeat
Import directory C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\packetbeat/index-pattern
Import index to /.kibana/index-pattern/packetbeat-* from C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\packetbeat\index-pattern\packetbeat.json
Error importing URL/file: Failed to import index-pattern: Failed to load directory C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\packetbeat/index-pattern:
error loading C:\Users\Mahe\AppData\Local\Temp\tmp300680327\beats-dashboards-5.4.1\packetbeat\index-pattern\packetbeat.json: couldn't load json. Error: 400 Bad Request
ExitingWhich version of Elasticsearch and Beats are you using?
@adrisr 5.4.1
Try removing the slash at the end of the URL to Elasticsearch:
BAD: ./scripts/import_dashboards -es http://localhost:9200/
GOOD: ./scripts/import_dashboards -es http://localhost:9200
@adrisr
I tried that but still get this error.
PS C:\Program Files\Packetbeat> ./scripts/import_dashboards -es http://localhost:9200
Failed to set the mapping: Put http://localhost:9200/.kibana/_mapping/search: dial tcp 127.0.0.1:9200: connectex: No connection could be made because the target machine actively refused it.
Created temporary directory C:\Users\Mahe\AppData\Local\Temp\tmp674146087
Downloading https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-5.4.1.zip
Unzip archive C:\Users\Mahe\AppData\Local\Temp\tmp674146087
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\filebeat
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\heartbeat
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\metricbeat
Importing Kibana from C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\packetbeat
Import directory C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\packetbeat/index-pattern
Import index to /.kibana/index-pattern/packetbeat-* from C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\packetbeat\index-pattern\packetbeat.json
Error importing URL/file: Failed to import index-pattern: Failed to load directory C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\packetbeat/index-pattern:
error loading C:\Users\Mahe\AppData\Local\Temp\tmp674146087\beats-dashboards-5.4.1\packetbeat\index-pattern\packetbeat.json: couldn't load json. Error: Put http://localhost:9200/.kibana/index-pattern/packetbeat-*: dial tcp 127.0.0.1:9200: connectex: No connection could be made because the target machine actively refused it.
ExitingNow it's a different error.
Error: Put http://localhost:9200/.kibana/index-pattern/packetbeat-*: dial tcp 127.0.0.1:9200: connectex: No connection could be made because the target machine actively refused it.
It seems that there is no elasticsearch running at localhost:9200
@adrisr i there was an issue with that's resolved and the dashboard has been set,but i get this error.
Also in the command prompt where i am starting the packetbeat it says no non zero metrics in last 30 seconds
i can't see any of the traffic that i am generating
Can you please go to Dev Tools on the left pane and list the existing indices using following query:
GET /_cat/indices?v
There are no packetbeat indices. This and the lack of metrics means that packetbeat is not sending any events to Elasticsearch.
I would say that it is not capturing any traffic. From which interface are you capturing traffic? It is the value of the packetbeat.interfaces.device field in packetbeat.yml.
To configure the proper interface on Windows, you have to run:
packetbeat -devices
It will print a list of devices similar this this one:
0: \Device\NPF_{113535AD-934A-452E-8D5F-3004797DE286} (Intel(R) PRO/1000 MT Desktop Adapter)
1: \Device\NPF_NdisWanBh (NdisWan Adapter) (Not assigned ip address)
2: \Device\NPF_{DD2F4800-0DEB-4A98-A302-0777CB955DC1} (AsyncMac Adapter) (Not assigned ip address)
3: \Device\NPF_{8E8A32C0-6E4D-46ED-9723-9D656A26D1F5} (EMULEX) (12.54.18.145)
4: \Device\NPF_NdisWanIpv6 (NdisWan Adapter) (Not assigned ip address)
5: \Device\NPF_{83485D06-422D-4558-AC88-5D0EB800BB1C} (MS LoopBack Driver) (fe80::ezeb:459b:61a4:c175 0.0.0.0)
Pick the interface you're interested in and configure it by using its index:
packetbeat.interfaces.device: 4
If you want to capture from the loopback interface read this:
https://www.elastic.co/guide/en/beats/packetbeat/current/faq.html#packetbeat-loopback-interface
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.