Packetbeat agent not returning HTTP fields

aviral_srivastava · August 16, 2017, 2:25pm

Packetbeat 1.2.2
ElasticSearch 2.1.0
OS: Windows Server 2008 R2

I have deployed packetbeat agent on a Windows system. It is returning following fields.

beat.hostname
client_ip
client_port
direction
ip
method
port
query
resource
type
@timestamp
_id
_index
_score
_type
beat.name
bytes_in
bytes_out
client_proc
client_server
count
dns.additionals
dns.additionals_count
dns.answers
dns.answers_count
dns.authorities
dns.authorities_count
dns.flags.authoritative
dns.flags.recursion_allowed
dns.flags.recursion_desired
dns.flags.truncated_response
dns.id
dns.op_code
dns.question.class
dns.question.name
dns.question.type
dns.response_code
notes
proc
responsetime
server
status
transport

As we can see the http fields are missing. We are struggling with this issue. Can anybody help.

steffens · August 17, 2017, 9:14pm

Have you checked any events with type: http being indexed in Elasticsearch?

Also checks packetbeat logs for potential parsing errors.

Also verify the device you configured is really the one used to send/receive HTTP requests.

system · September 14, 2017, 9:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.