Zeek http logs not showing IP fileds

syed_naqvi · July 24, 2024, 4:51pm

Hi,

I am using Elasticsearch cloud trial. All data I can see is ingested . However when check zeek http logs dont see any source Ip other fields.
Where is checked zeek conn logs and it showing IP info there .
Any help please ?

Rios · July 24, 2024, 5:04pm

Welcome to the community!

Not sure have you integrated by EAgent or FBeat.
Try to search for fields: source.ip or zeek.dhcp.address.client

syed_naqvi · July 24, 2024, 5:46pm

Hello ,

Thanks but dont see any values though created new data see logs of zeek but not those fields. Like Ip address etc.

Rios · July 24, 2024, 7:22pm

What have you used for integration EA or FB?

Can you show data structure from Kibana - Discover?

syed_naqvi · July 24, 2024, 8:14pm

Hi,

I used ES- Zeek integration .

Thanks sure please find below as its only allowing me to post only 1 image .

Regards

Rios · July 24, 2024, 9:07pm

You are using FBeat.
Do you have fields:
source.address, source.ip, destination.address or destination.ip or http.response.status_code?

syed_naqvi · July 24, 2024, 9:10pm

Finally fixed an issue removed integration for zeek then reinstalled integration and agent , issue resolved . But really appreciate your concern and help on the issue.

Topic		Replies	Views
I can't see Zeek's http.log in Kibana but everything else (DNS, SSL, etc.) is fine Beats filebeat	2	1777	March 2, 2020
Filebeat Zeek module doesn’t add ECS fields to zeek logs Beats filebeat	3	333	May 13, 2021
I'm not seeing any geoip data from my zeek logs in my SIEM map SIEM	3	984	September 9, 2019
Issue getting Zeek logs into Kibana Kibana elastic-agent	4	944	June 2, 2022
Filebeat zeek module shows no data Beats filebeat	1	323	August 24, 2022

Zeek http logs not showing IP fileds

Related topics