Hi
I currently used the Logstash net flow plugin to accept sflow from a PaloAlto firewall however when I select the geo locations for a source and destination nothing appears on the map screen and also no errors. I have tried looking for documentation to ensure the data which is being feed is of the correct syntax but I cannot find anything. Could anyone point me in the right direction?
Many thanks
Which version of the stack are you using ? That sounds like there's indeed a difference in ingestion and mapping between the two environments.Could you show us the mapping for that fields in both environments and possibly the source of a document from each?
thanks
Rashmi
Hi,
I have figured out the issue and its my fault. The reason I have nothing being mapped is due to my logs only containing either a destination or source geo location as my firewall would be at the other end or is an internal/private IP, thus doesn't get mapped. Would you know how to add a geo location if nothing is present?
Thanks
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.