Index ASA logs

pankaj · July 29, 2015, 7:18pm

I am trying to setup ELK for ASA logs , issue I am facing is parsing ASA logs. Any help will be appreciated.

I am getting following error message

"No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: ip"

Thanks
Pankaj

HelpComputer · July 29, 2015, 8:56pm

Maybe this will help.
https://jackhanington.com/blog/2015/06/16/send-cisco-asa-syslogs-to-elasticsearch-using-logstash/

pankaj · July 30, 2015, 3:56am

Still not able to index IP field

name
_index
_type
geoip.location
@version
_source
_id
raw_message
type
path
host
syslog_host.raw
path.raw
raw_message.raw
tags.raw
syslog_host
host.raw
type.raw
message
tags
@timestamp

magnusbaeck · July 30, 2015, 7:40am

Isn't that error message from Kibana? When are you getting it? Which field is supposed to contain an IP address? What's your current configuration?

pankaj · July 30, 2015, 12:53pm

Its internal POC platform I am trying to build . I have Centos Virtual instance with Logstash 1.5.3 , Kibana 4.1 and ES 1.7.1.

Regards
Pankaj

magnusbaeck · July 30, 2015, 1:03pm

Okay, but please try to answer the questions I posted earlier.

pankaj · August 4, 2015, 2:32pm

Yes Error message I am getting is from Kibana. I am trying to visualize the traffic with Geo IP or other chart.

Regards
Pankaj

Topic		Replies	Views
No Compatible Fields. index pattern has no field type geo_point Kibana	2	361	April 25, 2019
Cisco ASA Logging to Elastic Stack Elasticsearch	4	2901	May 1, 2020
Logstash 2.0 Cisco Asa - data does not appear in kibana Logstash	7	2096	July 6, 2017
Syslog Cisco ASA Elasticsearch	3	3020	March 18, 2017
Elastic common schema for Cisco ASA Elasticsearch ecs-elastic-common-schema	4	739	July 4, 2022

Index ASA logs

Related topics