Lianite
commented
3 years ago It appears that it has been ingesting, but indexes are weird to me. Closing ticket as original problem is solved.
Closed Lianite closed 3 years ago
Lianite
commented
3 years ago It appears that it has been ingesting, but indexes are weird to me. Closing ticket as original problem is solved.
Describe the problem
I am unable to import any data to helk
Provide the output of the following commands
Get operating system and version for linux (except Mac) use:
cat /etc/os-releasefor Mac/OSX use:
sw_versGet disk space, memory, processor cores, and docker storage
echo -e "\nDocker Space:" && df -h /var/lib/docker; echo -e "\nMemory:" && free -g; echo -e "\nCores:" && getconf _NPROCESSORS_ONLNGet output of the HELK docker containers:
docker ps --filter "name=helk"NAME="CentOS Linux" VERSION="8" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="8" PLATFORM_ID="platform:el8" PRETTY_NAME="CentOS Linux 8" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:8" HOME_URL="https://centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-8" CENTOS_MANTISBT_PROJECT_VERSION="8"
Docker Space: Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg--local-lv--root 30G 29G 1.5G 96% /
Memory: total used free shared buff/cache available Mem: 11 9 0 0 1 1 Swap: 0 0 0
Cores: 4
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e55df226d5e5 confluentinc/cp-ksql-server:5.1.3 "/etc/confluent/dock…" 4 weeks ago Up 20 hours 0.0.0.0:8088->8088/tcp helk-ksql-server b416a4d0f5c2 otrf/helk-kafka-broker:2.4.0 "./kafka-entrypoint.…" 4 weeks ago Up 20 hours 0.0.0.0:9092->9092/tcp helk-kafka-broker ed43cb8cf561 otrf/helk-spark-worker:2.4.5 "./spark-worker-entr…" 4 weeks ago Up 20 hours helk-spark-worker 778603923a77 docker_helk-jupyter "/opt/jupyter/script…" 4 weeks ago Up 20 hours 8000/tcp, 8888/tcp helk-jupyter e8697d3fb9cb otrf/helk-zookeeper:2.4.0 "./zookeeper-entrypo…" 4 weeks ago Up 20 hours 2181/tcp, 2888/tcp, 3888/tcp helk-zookeeper 8b00392b2ff0 otrf/helk-spark-master:2.4.5 "./spark-master-entr…" 4 weeks ago Up 20 hours 7077/tcp, 0.0.0.0:8080->8080/tcp helk-spark-master 21c56102dc0a otrf/helk-elastalert:latest "./elastalert-entryp…" 4 weeks ago Up 20 hours helk-elastalert f523254f6f7c otrf/helk-logstash:7.6.2.1 "/usr/share/logstash…" 4 weeks ago Up 20 hours 0.0.0.0:3515->3515/tcp, 0.0.0.0:5044->5044/tcp, 0.0.0.0:5514->5514/tcp, 0.0.0.0:5514->5514/udp, 0.0.0.0:8515-8516->8515-8516/tcp, 0.0.0.0:8531->8531/tcp, 0.0.0.0:8515-8516->8515-8516/udp, 9600/tcp helk-logstash 20c5d9d4181b otrf/helk-nginx:0.3.0 "/opt/helk/scripts/n…" 4 weeks ago Up 20 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp helk-nginx 6621daddb554 docker.elastic.co/kibana/kibana:7.6.2 "/usr/share/kibana/s…" 4 weeks ago Up 20 hours 5601/tcp helk-kibana fdb818b1f1ba docker.elastic.co/elasticsearch/elasticsearch:7.6.2 "/usr/share/elastics…" 4 weeks ago Up 20 hours 9200/tcp, 9300/tcp helk-elasticsearch
Provide the HELK installation logs located at /var/log/helk-install.log if you are having install errors
What version of HELK are you using
run the command from within the HELK repo run
git log -1 --onelinec087f20 (HEAD -> master, origin/master, origin/HEAD, helk-repo/master) Update Custom.md (#542)
What version of Winlogbeat are you using if you are using Windows/WEF logs
What steps did you take trying to fix the issue
I have attempted to use filebeat and the o365 module to ingest o365 data into helk. I have also tried using the mordor project documentation for consuming data with helk using kafkacat, all with no luck.
How could we replicate the issue
This is a barebones installation of helk, so from what I can tell, fresh instal on CentOS8.
Any additionally code or log context you would like to provide
Any additional context or input you have
This is my first time working with filebeat, kafkacat, and helk in general, so it is very possible that I am doing things wrong. Regardless, I am out of ideas on how to fix this without reaching out for additional assistance.
Thank you.