jasonish / evebox

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
https://evebox.org/
MIT License

Logs not appearing after ES upgrade to version 8.6.2 #265

Closed ngms17 closed 1 year ago

ngms17 commented 1 year ago

After upgrading to ELK version 8.6.2, Evebox does not show any events on the web frontend and it gives the following warning:

Mar 29 14:50:46  evebox[268112]: 2023-03-29 14:50:46  WARN evebox::elastic::eventrepo: Elasticsearch response has no aggregations
Mar 29 14:50:47  evebox[268112]: 2023-03-29 14:50:47  WARN evebox::elastic::eventrepo: Elasticsearch response has no aggregations

ngms17 commented 1 year ago

Found the solution. As I am using data streams, I had to use index: name-of-index* and not index: name-of-index-*
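As an added illustration (not code from this thread, from EveBox or from Elasticsearch), the Python below simulates how Elasticsearch expands a wildcard index expression against data stream and index names, to show one case in which `name-of-index-*` and `name-of-index*` select different targets: a data stream whose name is exactly the prefix. The thread does not say what the data stream was called, so the names (`suricata`, `.ds-suricata-...`, `suricata-2023.03.28`) are constructed for the example. The resolution rules are a simplified model of Elasticsearch's: the pattern is matched against data stream names and index names, and hidden backing indices (named `.ds-<stream>-<date>-<generation>`) are skipped unless hidden expansion is requested; the special case Elasticsearch makes for dot-prefixed patterns is not modelled.

```python
"""Simulate Elasticsearch wildcard index resolution for an EveBox `index:` setting.

Added example; the cluster inventory and rules below are assumptions made for
illustration, not output from a real cluster or EveBox's own logic.
"""
from fnmatch import fnmatchcase

# Constructed inventory: one data stream plus a classic daily index that an
# older pipeline might have written before the switch to data streams.
DATA_STREAMS = ["suricata"]

# Backing indices of a data stream are hidden and follow the naming scheme
# .ds-<data-stream>-<yyyy.MM.dd>-<generation>.
INDICES = {
    ".ds-suricata-2023.03.29-000001": {"hidden": True},
    ".ds-suricata-2023.03.30-000002": {"hidden": True},
    "suricata-2023.03.28": {"hidden": False},  # classic (non data stream) index
}


def resolve_index_expression(pattern, data_streams=DATA_STREAMS, indices=INDICES,
                             expand_hidden=False):
    """Return the data streams and indices a wildcard expression selects.

    Simplified model of Elasticsearch behaviour: wildcards are matched against
    data stream names and index names; hidden indices are excluded unless the
    caller asks for them (expand_wildcards=hidden). Matching a data stream is
    enough to search its backing indices, so they need not match themselves.
    """
    matched_streams = [ds for ds in data_streams if fnmatchcase(ds, pattern)]
    matched_indices = [
        name for name, meta in indices.items()
        if fnmatchcase(name, pattern) and (expand_hidden or not meta["hidden"])
    ]
    return {"data_streams": sorted(matched_streams), "indices": sorted(matched_indices)}


def diagnose_pattern(pattern, data_streams=DATA_STREAMS, indices=INDICES):
    """Explain what an EveBox index pattern would hit on this cluster.

    Returns the resolved targets plus a hint when a pattern of the form
    'prefix-*' misses a data stream that the dash-less 'prefix*' would cover.
    """
    targets = resolve_index_expression(pattern, data_streams, indices)
    hint = ""
    if pattern.endswith("-*"):
        without_dash = pattern[:-2] + "*"
        alt = resolve_index_expression(without_dash, data_streams, indices)
        missed = sorted(set(alt["data_streams"]) - set(targets["data_streams"]))
        if missed:
            hint = (f"{pattern} does not select data stream(s) {missed}; "
                    f"use {without_dash} instead")
    return {"pattern": pattern, "targets": targets, "hint": hint}


if __name__ == "__main__":
    for p in ("suricata-*", "suricata*"):
        print(diagnose_pattern(p))
```

On a live cluster the equivalent check is `GET /_resolve/index/<pattern>`, which lists the indices, aliases and data streams that an expression actually matches, so the `index:` value can be verified before pointing EveBox at it.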

jasonish commented 1 year ago

Can I ask how you are adding events to a datastream? Using Filebeat with the Suricata module, or something else? Thanks!