robcowart/synesis_lite_suricata

Suricata Kibana Dashboard no data displayed

lukelee1987 opened this issue · 1 comments

Hi all, I am using Kibana 7.1.1 and Filebeat 7.1.1, but no data is captured and collected to be visualized on the dashboard.

The eve.json logs for Suricata are located in /var/log/suricata, and data is being collected and growing. This shows that Suricata monitoring is running fine.

Strangely, the dashboard has no data. Is something wrong with my Logstash? It did not run properly. My other question is: can we use Filebeat instead of Logstash? How can this be done?

Please advise.

Logstash was used because, at the time, Filebeat and the ES ingest pipeline didn't provide the necessary functionality. However, I am also mostly moving away from Logstash, so no updates are intended for this solution.