Hi
I have a fresh install of logstash 7.2 with netflow configure following the /home/tutorial/netflow tutorial, and its pushing data to elastic.cloud (7.2) sucessfully. The Dashboard Netflow: Overview work great and no missing data across visuals.
When I go to SIEM | Overview I notice there is count next to Filebeat Netflow, and SIEM | Network data is empty.
Any idea how I get this to show under SIEM | Network?
Unfortunately the Netflow module in Logstash doesn't currently use ECS fields, which makes it incompatible with the SIEM app.
If it is possible in your setup, we recommend using the Filebeat Netflow input and module instead. That one is fully ECS compatible.
Thanks @tudor, that cleared up the confusion. Switched over to Filebeat:netflow module and data is reporting correctly.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.