SIEM does not show data

Minh_Ti_n_Tr_n · April 22, 2020, 2:40am

I will show everything here
My filebeat mapping

Filebeat.yml

# Wazuh - Filebeat configuration file
filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

#filebeat.config.inputs:
#  enabled: true
#  path: inputs.d/*.yml

filebeat.config.modules:
  enabled: true
  path: /etc/filebeat/modules.d/*.yml

setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.template.overwrite: true
setup.ilm.enabled: false

output.elasticsearch.hosts: ['https://192.168.1.17:9200']
output.elasticsearch.username: "elastic"
output.elasticsearch.password: "<password>"
output.elasticsearch.ssl.certificate_authorities: ["/etc/elasticsearch/certs/ca.crt"]
output.elasticsearch.ssl.certificate: "/etc/elasticsearch/certs/node-0.crt"
output.elasticsearch.ssl.key: "/etc/elasticsearch/certs/node-0.key"

Module enabled

netflow.yml

# Module: netflow
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.5/filebeat-module-netflow.html

- module: netflow
  log:
    enabled: true
    var:
      netflow_host: 0.0.0.0
      netflow_port: 2055

Then I try the tutorial via link: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html#load-template-manually-alternate

My Kibana discover but dont have indice

Thanks

Topic		Replies	Views
Unable to use SIEM module SIEM	11	1054	May 6, 2021
SIEM error new install SIEM	2	715	July 29, 2020
Filebeat & Kibana error: "Visualize: Fielddata is disabled on text fields by default." Kibana	2	2359	February 17, 2017
Fielddata error preventing Authentications tab populating SIEM	4	584	October 2, 2019
Trouble with Index Patterns SIEM	13	3914	August 2, 2019

SIEM does not show data

Related topics