Hi,
I am using Elasticsearch cloud trial. All data I can see is ingested . However when check zeek http logs dont see any source Ip other fields.
Where is checked zeek conn logs and it showing IP info there .
Any help please ?
Welcome to the community!
Not sure have you integrated by EAgent or FBeat.
Try to search for fields: source.ip or zeek.dhcp.address.client
Hello ,
Thanks but dont see any values though created new data see logs of zeek but not those fields. Like Ip address etc.
What have you used for integration EA or FB?
Can you show data structure from Kibana - Discover?
Hi,
I used ES- Zeek integration .
Thanks sure please find below as its only allowing me to post only 1 image .
Regards
You are using FBeat.
Do you have fields:
source.address, source.ip, destination.address or destination.ip or http.response.status_code?
Finally fixed an issue removed integration for zeek then reinstalled integration and agent , issue resolved . But really appreciate your concern and help on the issue.