Index packetbeat

How do I determine which index the data from Packetbeat is written to? For some reason, it created a lot of them. And with what query can I read the data from this index? As I understand it, it is necessary to determine what types of data are in this index and request by a given type. But how do I find out what types of data are inside!? Thanks

In fact, my task is simply to generate a query that will return JSON records from the index, which in turn is filled by Packetbeat.

Packetbeat creates the packetbeat-TIMESTAMP indices.

Install Kibana, have a look at the data. Then build some visualisations and copy the queries it creates.

Thank you. It is unclear by what principle it creates them: every time Packetbeat is started, or does it write to one continuously? For some reason I have two indices, even though I had already launched Packetbeat after that.

The index is created based on the timestamp of the network event. It is best to have a look at the events which are in the "older" indices. This should give you some details on what events these are and why they have an older timestamp.
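Putting the two answers together, the discovery workflow is: list the `packetbeat-*` indices (with document counts, so you can see which of the "older" ones actually hold events), aggregate on the event type field to learn which kinds of records are inside, and then fetch the raw JSON records of one type. The following is an added example written for this thread, not code from the original posts or from the Packetbeat project. It assumes an Elasticsearch node at `http://localhost:9200` without authentication, and Packetbeat documents that carry a keyword `type` field (values such as `http`, `dns`, `flow`) and an `@timestamp` field; if your Packetbeat version names the type field differently, check `GET packetbeat-*/_mapping` and adjust `TYPE_FIELD`.

```python
"""Discover packetbeat-* indices, the event types they hold, and pull raw records.

Added example for this discussion, not code from the thread or from Packetbeat.
Assumptions (adjust for your cluster):
  - Elasticsearch reachable at ES_URL with no authentication
  - Packetbeat documents have a keyword `type` field and an `@timestamp` field
"""
import json
import urllib.request

ES_URL = "http://localhost:9200"   # assumption: local, unauthenticated node
TYPE_FIELD = "type"                # assumption: Packetbeat event type field name


def es_request(method, path, body=None, base=ES_URL):
    """Send one JSON request to Elasticsearch and decode the JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        base + path, data=data, method=method,
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def parse_cat_indices(rows):
    """Turn the JSON form of _cat/indices into [(index_name, doc_count), ...].

    `docs.count` comes back as a string, or null for a closed index."""
    return [(r["index"], int(r["docs.count"] or 0)) for r in rows]


def list_packetbeat_indices(base=ES_URL):
    """Return packetbeat-* indices sorted by name (i.e. by their date suffix)."""
    path = "/_cat/indices/packetbeat-*?format=json&h=index,docs.count&s=index"
    return parse_cat_indices(es_request("GET", path, base=base))


def types_query(max_types=50):
    """Aggregation body: per-type document counts, no hits returned (size 0)."""
    return {"size": 0,
            "aggs": {"types": {"terms": {"field": TYPE_FIELD, "size": max_types}}}}


def parse_types(search_response):
    """Map the terms-aggregation buckets to {type_name: doc_count}."""
    buckets = search_response["aggregations"]["types"]["buckets"]
    return {b["key"]: b["doc_count"] for b in buckets}


def records_query(event_type, size=10):
    """Search body returning the newest `size` records of one event type."""
    return {"query": {"term": {TYPE_FIELD: event_type}},
            "sort": [{"@timestamp": {"order": "desc"}}],
            "size": size}


def parse_records(search_response):
    """Extract the original JSON documents (_source) from a search reply."""
    return [hit["_source"] for hit in search_response["hits"]["hits"]]


def main():
    for name, count in list_packetbeat_indices():
        print(f"{name}: {count} docs")
    types = parse_types(es_request("GET", "/packetbeat-*/_search", types_query()))
    print("event types:", types)
    for event_type in types:
        reply = es_request("GET", "/packetbeat-*/_search", records_query(event_type, 2))
        for record in parse_records(reply):
            print(json.dumps(record))


if __name__ == "__main__":
    main()
```

Running `main()` against a live node prints one line per index, the type histogram, and two raw records per type. The request and response helpers are kept separate from the HTTP call so the same query bodies can be pasted into Kibana's Dev Tools console, which is the quicker way to experiment before scripting.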
