Kibana Visualization Showing Incorrect Information from events

zeno · July 18, 2019, 10:29pm

I have configured Kibana for visualization of logs & events regarding file integrity which shows file path & count when the file is created, deleted or modified. Now the issue is that when i create a new file on ubuntu /etc folder, the Top deleted Pie chart , shows 1 file path as deleted which is .swp file of the same file which i have created while the Action Count says 2 files are created & 2 are deleted. 1 is original text file, 2nd is .swp file which is created and deleted are .swp file twice in action count.

Can someone expert please help in this that why .swp is getting deleted twice in events and counting as 2 instead of 1 ??

Kibana version is from 2018

I will be very thankful

Marius_Dragomir · July 19, 2019, 10:21am

I think this more a question for the program that you're using to collect the events. Kibana just displays what information you've ingested in Elasticsearch.

zeno · July 19, 2019, 3:57pm

Sorry lets take it that way. What would be the possible reason of the .swp files in ubuntu getting deleted twice ? any idea !

system · August 16, 2019, 3:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.