New header field in my ElasticSearch log dashboard


I'll describe the scenario.

The systems involved are:

  • reverse proxy
  • Elastic
  • Kibana
  • Suricata
  • Logstash

Currently, on the Kibana monitoring dashboard, I only see traffic arriving at the servers with the reverse proxy's IP. So I flagged a field on the reverse proxy to see, in a custom header named “client_ip”, the original source IP.

I need to take this field and print it on the Kibana dashboard.

Yesterday I modified the suricata.yaml configuration file, adding the string “custom : [client_ip]” in the http section, but this morning I didn’t find anything about it.

Can you help me? I don’t know the exact steps to take to do this…

Thank you very much.

