Packetbeat agent not returning HTTP fields

aviral_srivastava · August 16, 2017, 2:25pm

Packetbeat 1.2.2
ElasticSearch 2.1.0
OS: Windows Server 2008 R2

I have deployed packetbeat agent on a Windows system. It is returning following fields.

beat.hostname
client_ip
client_port
direction
ip
method
port
query
resource
type
@timestamp
_id
_index
_score
_type
beat.name
bytes_in
bytes_out
client_proc
client_server
count
dns.additionals
dns.additionals_count
dns.answers
dns.answers_count
dns.authorities
dns.authorities_count
dns.flags.authoritative
dns.flags.recursion_allowed
dns.flags.recursion_desired
dns.flags.truncated_response
dns.id
dns.op_code
dns.question.class
dns.question.name
dns.question.type
dns.response_code
notes
proc
responsetime
server
status
transport

As we can see the http fields are missing. We are struggling with this issue. Can anybody help.

steffens · August 17, 2017, 9:14pm

Have you checked any events with type: http being indexed in Elasticsearch?

Also checks packetbeat logs for potential parsing errors.

Also verify the device you configured is really the one used to send/receive HTTP requests.

system · September 14, 2017, 9:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Missing some fields in some document Beats beats-module , packetbeat	3	345	September 27, 2023
Domain name missing in Http fields in packetbeat Beats packetbeat	4	1564	July 5, 2017
Http.response 404 Beats packetbeat	15	834	July 11, 2018
Dns Indexing Problem Beats packetbeat	5	721	March 18, 2018
Packetbeat appears to be adding DNS packets that were not really sent Beats packetbeat	2	591	July 6, 2020

Packetbeat agent not returning HTTP fields

Related topics