[esaggs] > "field" is a required parameter

[myrsecurity]

Hi the dashboards are imported

Got this error when running a report

My current setup Machine A running postfix Filebeats

Machine B running ELK Logstsash Elastic Kibana

From Machine A reads maillog via filebeats, and outputs to Logstash in Machine B, processed up to Elastic

Data is hitting the DB

2 questions: a) Are we missing outputs.conf ? This whole procedure is able to read from /var/log/maillog ( which by the way in your config reference is /var/log/mail.log but it doesnt mention a outputsconf, in my configuration < output { if "postfix" in [tags] { elasticsearch { hosts => localhost index => "filebeat-%{+YYYY.MM}" }

b)is the Index name mandatory to be a specific name? I used filebeats- but perhaps postfix ?

Thanks

[ActionScripted]

Hey @myrsecurity sorry for the slow reply.

1. I'm not sure where the "esaggs" is coming from but it's not part of this codebase.
2. /var/log/mail.log is the standard location for Postfix logs but it can vary by platform, deployment and/or config.
3. The outputs and related bits are referenced in the README and the linked grok patterns repo in the README.
4. Indexes in this repo use the standard Filebeat pattern filebeat-* and if your indexes are different you'll need to adjust these. You can either import the visualizations and modify them in Kibana or edit the JSON files and then import them. An example of the index reference: https://github.com/ActionScripted/elastic-kibana-postfix/blob/master/kibana/ui-visualizations.json#L26

[ActionScripted]

Closing as I haven't heard back. Please reopen if there's anything else I can help with.

[oguz6578]

Hi the dashboards are imported

Got this error when running a report

My current setup Machine A running postfix Filebeats

Machine B running ELK Logstsash Elastic Kibana

From Machine A reads maillog via filebeats, and outputs to Logstash in Machine B, processed up to Elastic

Data is hitting the DB

2 questions: a) Are we missing outputs.conf ? This whole procedure is able to read from /var/log/maillog ( which by the way in your config reference is /var/log/mail.log but it doesnt mention a outputsconf, in my configuration < output { if "postfix" in [tags] { elasticsearch { hosts => localhost index => "filebeat-%{+YYYY.MM}" }

b)is the Index name mandatory to be a specific name? I used filebeats- but perhaps postfix ?

Thanks

did you fix the problem?

[azhinu]

Same problem. Elastic stack 7.8.0. But the problem appears only when I choose time range large than logs contain.

[halimB8]

I have the same problem with Elastic 7.8.0 , did you find a solution for that problem please !

[azhinu]

I have the same problem with Elastic 7.8.0 , did you find a solution for that problem please !

The problem occurs only if you have not enough data. Try to select a lower time range.

[halimB8]

I tried that with a range of 1 minute but it still the same problem !

[halimB8]

[azhinu]

@halimB8, you probably import dashboard incorrectly.

[halimB8]

I solved the problem by stopping all the beats and deleted index of packetbeat then I restarted kibana now it works Thanks for your help