Hello,
I'm collecting Netflow data from Palo Alto NGFW, using Logstash and Elasticsearch, but Kibana unable to show Tilemap or graphs for Locations and giving numbers but (-) instead of city or location.
I'm using 5.3.1 for all software nitems on Oracle Linux 7.3
any help?
Thanks.
Hi
I'm having a hard time visualizing exactly what's happening. Could you provide some screenshots or perhaps an animated gif to show what's going on? As as an alternative, can you also look at your field mappings? location type in your mapping should be geo_point to see the maps.
Also, you could index a sample data which contains geo_location and try it first to see if you can create a visualization with Tile map.
https://www.elastic.co/guide/en/kibana/current/_configuration.html
Thanks
Rashmi
Hi,
actually it is an empty MAP just the grey one
for the configuration file
input {
udp {
port => 9995
codec => netflow {
versions => [5, 9, 10]
}
type => netflow
}
}
filter {
geoip {
source => "[netflow][ipv4_src_addr]"
target => "src_geoip"
}
geoip {
source => "[netflow][ipv4_dst_addr]"
target => "dst_geoip"
}
mutate {
convert => {
"[netflow][ipv4_src_addr]" => "string"
"[netflow][ipv4_dst_addr]" => "string"
}
convert => { "longitude" => "float" }
convert => { "latitude" => "float" }
convert => { "location" => "float" }
}
}
output {
elasticsearch {
hosts => [ "xxxxxx:9200" ]
}
}
Thanks.
Hi
It seems to me that the configuration is not yet selected. Can you plz select the "geo coordinates" button, select the geo-field and press the play button?
Do let us know what happens.
Thanks
Rashmi
Hi,
I modified it but unfortunately it gives me a white page.
can you send me a configuration for logstash (Input, Output, ....)?
Thanks.
Hi @mmdallal,
can you attach a screenshot of the page with the geo_coordinates selected, after pressing the play-button?
Can you also expand the data-table (using the little grey arrow near the bottom of the map), and show the request/responses to Elasticsearch?
thx,
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
