Packetbeat not capturing anything when `packetbeat.flows: enabled: false`

shreyapatel · October 9, 2019, 8:54pm

I am using Packetbeat v5.6.16 and want to monitor the data in P4 packets captured.

Enabling packetbeat.flows does not capture the individual packet data; only header information in bulk is captured.
Disabling packetbeat.flows does not capture anything.
The logs do not show any errors. Please guide me on how should I proceed to resolve this. Thanks!

packetbeat.yml

packetbeat.interfaces.device: ens1f0
packetbeat.interfaces.type: af_packet
packetbeat.interfaces.buffer_size_mb: 100
packetbeat.interfaces.snaplen: 65535

packetbeat.flows:
  enabled: false
  timeout: 30s
  period: 10s
packetbeat.protocols.dns:
  enabled: true
  ports: [53, 123]
  send_request: true
  send_response: true
  include_authorities: true
  include_additionals: true
output.file:
  path: "/etc/packetbeat"
  filename: packetbeat_capture

system · November 6, 2019, 8:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sniffer not fully working Beats packetbeat	9	2790	July 5, 2017
Packetbeat Flows and Kubernetes not working fine Beats packetbeat	2	741	October 29, 2018
Netflow Cisco IOSv no data complet data in elasticsearch Beats filebeat	4	200	May 2, 2024
Type:flow missing source fields Beats packetbeat	13	1294	May 3, 2018
Adding support for new protocols under packetbeat Beats packetbeat	3	222	February 3, 2024

Packetbeat not capturing anything when `packetbeat.flows: enabled: false`

Related Topics