Kibana+Elasticsearch+Logstash [ELK] v5+|pfSense v2.3+|Ubuntu 16.04+
-
Hi people, I just followed this article
http://pfelk.3ilson.com/2016/11/kibanaelasticsearchlogstash-plugin-x.html
I am almost finished; however, when I try to import the visualizations.json file, I get the error "Saved Objects: Could not locate that index-pattern-field (id: dest_port.keyword)"
I am running pfSense 2.3.2-RELEASE-p1 and Ubuntu 16.04.
Has anybody here already used this software?
-
I remember reading somewhere you had to import the 3 files in the correct order. I think it is: searches, then visualizations, then dashboard. Not sure though.
-
No matter how I try to import, I am not getting past this error.
-
At a guess, something in the latest versions of ELK is no longer supported by the initial configuration.
-
Ok, so it looks like ELK changed the way some mappings worked in their latest upgrade. This visualization file will get everything working but the geoip related items. Rename as json and import and it should work.
If you are interested in the changes, use a diff program to compare the two files.
(in short, the names of items needed to be changed to name.raw instead of name)
https://github.com/elastic/elasticsearch/issues/15267
(Note, you need to be logged in to see the attached file. Sorry, didn't realize that until I looked at this while logged out.)
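
Added example, not part of the original thread or the pfELK project: a Python check that lists which fields a visualizations.json export references but the index pattern does not contain, which is the condition behind the "Could not locate that index-pattern-field" error above. The export layout (a JSON array with the definition stored as a JSON string in `_source.visState`), the sample objects and the field list are constructed assumptions.

```python
import json

# Constructed sample in the assumed shape of a Kibana 5 saved-objects export.
SAMPLE_EXPORT = json.dumps([
    {"_id": "Top-destination-ports", "_type": "visualization",
     "_source": {"title": "Top destination ports",
                 "visState": json.dumps({"type": "pie", "aggs": [
                     {"id": "1", "type": "count", "schema": "metric", "params": {}},
                     {"id": "2", "type": "terms", "schema": "segment",
                      "params": {"field": "dest_port.keyword", "size": 10}}]})}},
    {"_id": "Events-over-time", "_type": "visualization",
     "_source": {"title": "Events over time",
                 "visState": json.dumps({"type": "histogram", "aggs": [
                     {"id": "1", "type": "count", "schema": "metric", "params": {}},
                     {"id": "2", "type": "date_histogram", "schema": "segment",
                      "params": {"field": "@timestamp", "interval": "auto"}}]})}},
])

# Constructed stand-in for the fields listed under the index pattern in Kibana.
INDEX_PATTERN_FIELDS = {"@timestamp", "dest_port", "dest_port.raw",
                        "src_ip", "src_ip.raw"}

def referenced_fields(export_text):
    """Map each visualization id to the field names its aggregations use."""
    result = {}
    for obj in json.loads(export_text):
        if obj.get("_type") != "visualization":
            continue
        # visState is itself a JSON document stored as a string.
        vis_state = json.loads(obj["_source"]["visState"])
        result[obj["_id"]] = {
            agg["params"]["field"] for agg in vis_state.get("aggs", [])
            if "field" in (agg.get("params") or {})}
    return result

def missing_fields(export_text, known_fields):
    """Return {visualization id: sorted fields absent from the index pattern}."""
    report = {}
    for vis_id, fields in referenced_fields(export_text).items():
        missing = sorted(fields - set(known_fields))
        if missing:
            report[vis_id] = missing
    return report

if __name__ == "__main__":
    report = missing_fields(SAMPLE_EXPORT, INDEX_PATTERN_FIELDS)
    for vis_id, fields in report.items():
        print(f"{vis_id}: not in index pattern -> {', '.join(fields)}")
```

To use it on a real export, read the file's text and pass the field names shown for the index pattern in place of the constructed set.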
-
Thanks a lot! I just have one problem: it doesn't show me the maps, as you can see in the pic.
![Capture d’écran 2017-05-05 à 15.18.39.png](/public/imported_attachments/1/Capture d’écran 2017-05-05 à 15.18.39.png)