I need help the map is not working properly

Elastic Stack Beats
1

so long story shor i have try almost everything but the map is not showing any thing, the map is there but is not showing any data on it, im able to see all my logs on discovery but the map is not doing anything. i need help please and thank you. i have elasticsearch, kibana, filebeat and suricata on the same os machine im using ubuntu

this is my zeek.yml file

# Module: zeek

# Docs: Zeek (Bro) Module | Filebeat Reference [7.16] | Elastic

- module: zeek

capture_loss:

enabled: true

var.paths: ["/opt/zeek/logs/current/capture_loss.log"]

connection:

enabled: true

var.paths: ["/opt/zeek/logs/current/conn.log"]

dce_rpc:

enabled: true

var.paths: ["/opt/zeek/logs/current/dce_rpc.log"]

dhcp:

enabled: true

var.paths: ["/opt/zeek/logs/current/dhcp.log"]

dnp3:

enabled: true

var.paths: ["/opt/zeek/logs/current/dnp3.log"]

dns:

enabled: true

var.paths: ["/opt/zeek/logs/current/dns.log"]

dpd:

enabled: true

var.paths: ["/opt/zeek/logs/current/dpd.log"]

files:

enabled: true

var.paths: ["/opt/zeek/logs/current/files.log"]

ftp:

enabled: true

var.paths: ["/opt/zeek/logs/current/ftp.log"]

http:

enabled: true

var.paths: ["/opt/zeek/logs/current/http.log"]

intel:

enabled: true

var.paths: ["/opt/zeek/logs/current/intel.log"]

irc:

enabled: true

var.paths: ["/opt/zeek/logs/current/irc.log"]

kerberos:

enabled: true

var.paths: ["/opt/zeek/logs/current/kerberos.log"]

modbus:

enabled: true

var.paths: ["/opt/zeek/logs/current/modbus.log"]

mysql:

enabled: true

var.paths: ["/opt/zeek/logs/current/mysql.log"]

notice:

enabled: true

var.paths: ["/opt/zeek/logs/current/notice.log"]

ntlm:

enabled: true

var.paths: ["/opt/zeek/logs/current/ntlm.log"]

ntp:

enabled: true

var.paths: ["/opt/zeek/logs/current/ntp.log"]

ocsp:

enabled: true

var.paths: ["/opt/zeek/logs/current/oscp.log"]

pe:

enabled: true

var.paths: ["/opt/zeek/logs/current/pe.log"]

radius:

enabled: true

var.paths: ["/opt/zeek/logs/current/radius.log"]

rdp:

enabled: true

var.paths: ["/opt/zeek/logs/current/rdp.log"]

rfb:

enabled: true

var.paths: ["/opt/zeek/logs/current/rfb.log"]

signature:

enabled: false

var.paths: ["/opt/zeek/logs/current/signature.log"]

sip:

enabled: true

var.paths: ["/opt/zeek/logs/current/sip.log"]

smb_cmd:

enabled: true

var.paths: ["/opt/zeek/logs/current/smb_cmd.log"]

smb_files:

enabled: true

var.paths: ["/opt/zeek/logs/current/smb_files.log"]

smb_mapping:

enabled: true

var.paths: ["/opt/zeek/logs/current/smb_mapping.log"]

smtp:

enabled: true

var.paths: ["/opt/zeek/logs/current/smtp.log"]

snmp:

enabled: true

var.paths: ["/opt/zeek/logs/current/snmp.log"]

socks:

enabled: true

var.paths: ["/opt/zeek/logs/current/socks.log"]

ssh:

enabled: true

var.paths: ["/opt/zeek/logs/current/ssh.log"]

ssl:

enabled: true

var.paths: ["/opt/zeek/logs/current/ssl.log"]

stats:

enabled: true

var.paths: ["/opt/zeek/logs/current/stats.log"]

syslog:

enabled: true

var.paths: ["/opt/zeek/logs/current/syslog.log"]

traceroute:

enabled: true

var.paths: ["/opt/zeek/logs/current/traceroute.log"]

tunnel:

enabled: true

var.paths: ["/opt/zeek/logs/current/tunnel.log"]

weird:

enabled: true

var.paths: ["/opt/zeek/logs/current/weird.log"]

x509:

enabled: true

var.paths: ["/opt/zeek/logs/current/x509.log"]

# Set custom paths for the log files. If left empty,

# Filebeat will choose the paths depending on your OS.

#var.paths:

and im following this lab

2

Welcome to the community!

Have you:

  • Enable module(s)? Check by the cmd: filebeat modules list
  • Set ES and Kibana connection? In filebeat.yml, as well as the network connectivity by telnet or the cmd: filebeat test output
  • Setup ingest pipeline/dashboard from FB to Kib?
  • Checked FB logs? If you haven't set, check here, then restart FB and check logs, should be a trace.