Dear All,
I am running ELK 8.2.2 on Debian 11 bullseye and installed packetbeat 8.2.2. "packetbeat setup" brings no errors. And
packetbeat test config
Config OK
packetbeat test output
Elasticsearch: https://kibana8.home.yer.at:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 192.168.241.9
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 8.2.2
If I look with kibana at packetbeat overview I see no data. Also DNS doesn't show anything, of course it is configured.
In index management I see data streams and index templates for packetbeat.
But looking at discover and selecting packetbeat doesn't show any data too.
When I run packetbeat with option -v I see repeated infos like this
{"log.level":"warn","@timestamp":"2022-06-11T21:47:41.643+0200","log.logger":"Elasticsearch","log.origin":{"file.name":"Elasticsearch/client.go","file.line":428},"message":"Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Date(2022, time.June, 11, 21, 47, 40, 583409918, time.Local), .......
Is this maybe a problem of the combination of ELK and OS because on older versions of Debian and ELK I can run packetbeat successfully.
// Hans