dashboard present error

Question

dashboard present error

vdministrator opened this issue 5 years ago · 6 comments

I used elk7.1 and Kibana dashboard present lot of error after installed synesis_lite_suricata(7.1.x)
.how can I do resolve this problem ?

Answer 1 · 2020-06-15T15:03:38.000Z

you can help me !!!

Answer 2 · 2020-06-15T15:19:49.000Z

Hi,
This is related to the fact that your index pattern or data is mapped to the wrong template. Probably the default logstash template which is automaticaly created.
Check your logstash pipeline is using the right template and check that is is loaded/installed correctly.
If it does, delete the index data and start over again.
If it doesn't work. Do this:

Stop logstash
Delete the index pattern and the corresponding data (index)
Import the NDJSON again including the index pattern
start logstash again
You should be fine now

Regards

Answer 3 · 2020-06-15T15:21:01.000Z

You could also checkout if there are any mapping conflicts

Answer 4 · 2020-06-15T22:21:51.000Z

does version 5.x of suricata work with this project! I use Suricata 5 but the problem persists, I delete and add the index, but same problem

Answer 5 · 2020-06-15T22:23:54.000Z

how to resolve mapping conflicts, sometimes I find conflict errors

Answer 6 · 2021-07-28T14:47:43.000Z

This has not been updated for any Suricata version after 4.x. As I have moved away from Logstash for such projects, I am not planning to update this project. Sorry.