Hi:
my env is packetbeat 5.5.1, in kibana management-index patterns,there is about 3000 fields,like this
http.request.headers.hcxrwnivhh
http.request.headers.ehzayscxyp
http.request.headers.cqddzwwqrx
http.request.headers.qmwszdvxwb
why?
PB just passes through what it gets, have you tried looking at the raw incoming request using wireshark or similar?
but These fields do not appear in discover
index patterns fields :
discover fields:
I think it's enough for one HTTP response to contain all those headers and then they will be considered as fields in Elasticsearch. Try looking for them with something like this in Kibana: _exists_:http.request.headers.anesfqrwm.
Btw, PB by default doesn't capture any header fields. You probably enabled the send_all_headers option? Perhaps you want to define a whitelist using the include_headers option.
Hi,tudor:
thk,i disable send_all_headers after,the problem not exit.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.