stamusnetworks / kts5 Goto Github PK

Hi,

Due to the spaces in the name of the dashboards, they cannot be found in the most recent version of kibana (i believe its 5.5)

Additionally, it would be really awesome if the index names could be adjusted easily ;)

Thanks!

Issue in "SN Alerts" dashboard.

the smtp.helo.raw isn't created by default, hence an error occurs.

Hello,
Using these great dashboards on a RedHat EL 7.4 server and after updating via the yum repo from 5.5 to 5.6.0.1, Kibana is in a RED status:
[illegal_argument_exception] mapper [hits] cannot be changed from type [long] to [integer]

So I stopped kibana, removed the kibana index, loaded the dasboards again and started kibana but to no avail:
$ systemctl stop kibana
$ curl -XDELETE http://localhost:9200/.kibana
$ find KTS5/dashboards/ -type f -exec sed -i -e 's/.raw/.keyword/g' {} ;
$ ./load.sh
$ systemctl start kibana

Any idea how to solve this?
Much appreciated!
Andre

hello!
my ELK env is
es/kibana: 5.4.0

after run load.sh when i opened dashboard all chart using ***.raw field as a aggregator is not visible (no results found). index pattern is ok. what wrong?

Hello,
Migrating elasticsearch from 5.6 to 6 did not show major problems regarding already collected data via the SELKS setup on RedHat EL 7, but Kibana 6 fails. Are you planning a release of KTS5 (or maybe KTS6) which will work on ELK 6?
Kind regards,
Andre

After stopping Kibana, removing the index .Kibana and starting Kibana, it works well. But after running the load.sh script it reports import errors and Kibana itself afterwards reports " Your Kibana index is out of date, reset it or use the X-Pack upgrade assistant. "

Loading dashboard SN-STATS:

• curl -H 'Content-Type: application/json' -XPUT http://127.0.0.1:9200/.kibana/dashboard/SN-STATS -d @dashboards/dashboard/SN-STATS.json
  {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Rejecting mapping update to [.kibana] as the final mapping would have more than 1 type: [index-pattern, dashboard]"}],"type":"illegal_argument_exception","reason":"Rejecting mapping update to [.kibana] as the final mapping would have more than 1 type: [index-pattern, dashboard]"},"status":400}+ echo

WIth the latest version of kibana and using the KTS5 dashboards I am getting:

No results found on a lot of visualizations.

When I the field list they change to:

Could not locate that index-pattern-field (id: ...).

I fixed this issue by changing the .raw entries to .keyword in the visualizations.

This seems to have changed with ELK 5: https://www.elastic.co/guide/en/logstash/current/breaking-changes.html#_elasticsearch_output_index_template

Received the following in Kibana. Thoughts on how to fix?

Error: unknown error
ErrorAbstract@http://192.168.3.249:5601/bundles/kibana.bundle.js?v=15616:12:24939
errors.Generic@http://192.168.3.249:5601/bundles/kibana.bundle.js?v=15616:12:25973
respond@http://192.168.3.249:5601/bundles/kibana.bundle.js?v=15616:13:2793
checkRespForFailure@http://192.168.3.249:5601/bundles/kibana.bundle.js?v=15616:13:1959
AngularConnector.prototype.request/<@http://192.168.3.249:5601/bundles/kibana.bundle.js?v=15616:2:341
processQueue@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:38:23621
scheduleProcessQueue/<@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:38:23888
$eval@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:39:4607
$digest@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:39:2343
$apply@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:39:5026
done@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:37:25016
completeRequest@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:37:28702
requestError@http://192.168.3.249:5601/bundles/commons.bundle.js?v=15616:37:29744

Hello,

I'm newbie on ELK but I dont have clear how I can transmit suricata logs to elasticsearch.

Do you use logstash? any other way?

Thank you

Hello,
I have just installed ELK 5.5.1 and try to import KTS5.
After running ./load.sh and login to Kibana I got message with patten "logstash-*"

Mapping conflict
A field is defined as several types (string, integer, etc) across the indices that match this pattern. You may still be able to use these conflict fields in parts of Kibana, but they will be unavailable for functions that require Kibana to know their type. Correcting this issue will require reindexing your data.

The conflict filed is geoip.coordinates
The type of this field changes across indices. It is unavailable for many analysis functions. The indices per type are as follows:

Could you please tell me how to fix this issue?
Thank you!