Kibana, missing fields

I currently use Graylog as a SIEM. I installed Kibana on the same server in order to better visualize the data. I created different extractors on Graylog to have several fields extracted from the message:


The problem is that in Kibana, these fields do not necessarily appear and are not the same. I need them to create my dashboards.


For example, the fields ip_src, backend, frontend are missing here.

I am trying to find the solution, but for the moment I can’t understand why the fields are not the same (for the HAProxy logs in this case), knowing that for some messages (which come from something other than HAProxy) they are.

Thank you

I should add that Kibana knows these extractors:

Thank you

Hi, can you explain your data pipeline? Is the data going into Graylog and then copied into Elasticsearch? Or is data being sent to Graylog and Elasticsearch?

Have you looked into using ingest pipelines? Ingest pipelines | Elasticsearch Guide [7.13] | Elastic

Did you create an index template for this data? Index templates | Elasticsearch Guide [7.13] | Elastic
