Hello we played a little with packet beats and the graph plugin for Kibana. Unfortunately we can't get the graph plugin to query any beats data, but we can see the keys in the drop down menu. We used the latest packet beats alpha version. And latest Kibana and elasticsearch version.
Any help apriciated.
Cheers
Chris
Hi Chris,
Here's the simple thing I've found I could do with Graph and packetbeat data.
First I look at packetbeat data in Discover to see what fields have some data that might be interesting. On mine, I saw that dest.port showed 9200 (Elasticsearch), 5601 (Kibana), and 22 (ssh).
So I went to Graph, selected packetbeat-* index pattern, added the dest.port, and put 9200 in the query field. That got me some circles with port numbers including 9200;
Then I added source.port and searched again and got some relationships;
One thing I've noticed with Graph is that it seems to require a certain amount of data before it will find and show something. You could look in the Settings and try tweaking a few of the parameters there, but I can't really advise you much on that.
Regards,
Lee
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
