Hello
Environment detail -
We are having Elasticsearch cluster running with secured http port 9200, 9201 & 9202 with version 8.3
We have installed packetbeat v8.3 on elasticsearch server to monitor the http traffic on port elastic ports to identify the connection detail from source along with taken time to complete the incoming connection.
E.g, - how much time each search query is taking to respond
Problem Statement -
The problem what we have here is packetbeat not able to monitor the https traffic on servers, if i disable the xpack.http.security then all work as expected
But when i change back to https then it stopped working and in kibana we get below message
"error.message": [
** "Unmatched response"**
]
Below is the responce recorded while monitoring https connection
{
"_index": ".ds-packetbeat-8.3.2-2022.08.25-000006",
"_id": "5r32EYMBpPwW6PPcq4wA",
"_version": 1,
"_score": 0,
"_source": {
"@timestamp": "2022-09-06T08:41:59.786Z",
"type": "http",
"source": {
"port": 52180,
"ip": "XXXXXXX"
"hostname": "XXXXXXX"
},
"related": {
"ip": [
"XXXXXXX",
"XXXXXXX"
]
},
"server": {
"ip": "XXXXXXX",
"port": 9200
},
"event": {
"end": "2022-09-06T08:41:59.786Z",
"kind": "event",
"category": [
"network"
],
"type": [
"connection",
"protocol"
],
"dataset": "http"
},
"client": {
"ip": "XXXXXXX",
"port": 52180
},
"network": {
"protocol": "http",
"direction": "ingress",
"community_id": "1:w52+vYsPE9ZDmsP4remWb4sm3os=",
"type": "ipv4",
"transport": "tcp"
},
"ecs": {
"version": "8.0.0"
},
"http": {
"response": {
"headers": {
"content-length": 0
}
}
},
"error": {
"message": "Unmatched response"
},
"status": "Error",
"destination": {
"port": 9200,
"hostname": "XXXXXXX",
"ip": "XXXXXXX"
},
"host": {
"name": "XXXXXXX"
},
"agent": {
"type": "packetbeat",
"version": "8.3.2",
"ephemeral_id": "57dfa4a3-b775-4764-9c9a-80e2505acd7d",
"id": "bda05369-240e-4ebb-96bb-afeef9535ffd",
"name": "XXXXXXX"
}
},
"fields": {
"notes": [
"Unmatched response"
],
"event.category": [
"network"
],
"destination.port": [
9200
],
"server.ip": [
"XXXXXXX"
],
"event.end": [
"2022-09-06T08:41:59.786Z"
],
"type": [
"http"
],
"agent.type": [
"packetbeat"
],
"network.protocol": [
"http"
],
"related.ip": [
"XXXXXXX",
"XXXXXXX"
],
"server.port": [
9200
],
"source.ip": [
"XXXXXXX"
],
"agent.name": [
"XXXXXXX"
],
"host.name": [
"XXXXXXX"
],
"network.community_id": [
"1:w52+vYsPE9ZDmsP4remWb4sm3os="
],
"network.direction": [
"ingress"
],
"event.kind": [
"event"
],
"network.type": [
"ipv4"
],
"http.response.headers.content-length": [
0
],
"destination.hostname": [
"XXXXXXX"
],
"client.ip": [
"XXXXXXX"
],
"agent.hostname": [
"XXXXXXX"
],
"destination.ip": [
"XXXXX"
],
"network.transport": [
"tcp"
],
"@timestamp": [
"2022-09-06T08:41:59.786Z"
],
"source.port": [
52180
],
"agent.id": [
"bda05369-240e-4ebb-96bb-afeef9535ffd"
],
"client.port": [
52180
],
"ecs.version": [
"8.0.0"
],
"source.hostname": [
"XXXXXXX"
],
"error.message": [
** "Unmatched response"**
],
"event.type": [
"connection",
"protocol"
],
"agent.ephemeral_id": [
"57dfa4a3-b775-4764-9c9a-80e2505acd7d"
],
"agent.version": [
"8.3.2"
],
"event.dataset": [
"http"
],
"status": [
"Error"
]
}
}
Any suggesstion will be helpful
Regards
Pratiksha