Open scurvy opened 7 years ago
Hi,
Can you describe your set up in a bit more detail? In general there is no expected format - it is natively parsing JSON.
Have you changed the hostname of the box that runs Scirius - https://github.com/StamusNetworks/SELKS/wiki/Initial-Setup---HOSTNAME ?
Thanks
On Fri, Feb 10, 2017 at 12:53 AM, Richard Hesse notifications@github.com wrote:
What's the expected format or field names for ElasticSearch integration? We're using heka to parse eve.json and throw it directly into ES 1:1 based on JSON key names. I'm having some issues getting the ES integration to work in Scirius and would appreciate some guidance here. Scirius shows a green tile for ElasticSearch and can see all of the indices. However, it cannot display any of the event data.
-- Regards, Peter Manev