I am trying to setup ELK for ASA logs , issue I am facing is parsing ASA logs. Any help will be appreciated.
I am getting following error message
"No Compatible Fields: The "logstash-*" index pattern does not contain any of the following field types: ip"
Thanks
Pankaj
Maybe this will help.
https://jackhanington.com/blog/2015/06/16/send-cisco-asa-syslogs-to-elasticsearch-using-logstash/
Still not able to index IP field
name
_index
_type
geoip.location
@version
_source
_id
raw_message
type
path
host
syslog_host.raw
path.raw
raw_message.raw
tags.raw
syslog_host
host.raw
type.raw
message
tags
@timestamp
Isn't that error message from Kibana? When are you getting it? Which field is supposed to contain an IP address? What's your current configuration?
Its internal POC platform I am trying to build . I have Centos Virtual instance with Logstash 1.5.3 , Kibana 4.1 and ES 1.7.1.
Regards
Pankaj
Okay, but please try to answer the questions I posted earlier.
Yes Error message I am getting is from Kibana. I am trying to visualize the traffic with Geo IP or other chart.
Regards
Pankaj
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
