map not working - Githubissues

ulisesgasco commented 4 years ago

Hi,

All working perfectly only map not working give me blank page

Screenshots https://imgur.com/4ROdgmP https://imgur.com/sD8jnAr

Operating System (please complete the following information):

OS **Linux 4.15.0-96-generic x86_64

NAME="Ubuntu"

VERSION="18.04.3 LTS (Bionic Beaver)"

ID=ubuntu

ID_LIKE=debian

PRETTY_NAME="Ubuntu 18.04.3 LTS"

VERSION_ID="18.04"

HOME_URL="https://www.ubuntu.com/"

SUPPORT_URL="https://help.ubuntu.com/"

BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"

PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"

VERSION_CODENAME=bionic

UBUNTU_CODENAME=bionic**

Version of Docker (docker -v)

Docker version 19.03.6, build 369ce74a3c

Version of Docker-Compose (docker-compose -v):

docker-compose version 1.17.1, build unknown

Elasticsearch, Logstash, Kibana (please complete the following information):

Version of ELK (cat /docker-pfelk/.env) ELK_VERSION=7.6.1

a3ilson commented 4 years ago

@ulisesgasco - Can you provide a screenshot of Kibana>>Discover? Depending on how Docker was configured the network may be inhibiting proper filtering. Please update the 01-inputs.conf as follows, rebuild your docker and let me know if this corrects the issue:

# 01-inputs.conf
input {
  udp {
    port => 5140
  }
}
filter {
  mutate {
    add_tag => [ "pf", "Ready" ]
    add_field => [ "[observer][type]", "firewall" ]
  }  
}
filter {
  if "pf" in [tags] {
    grok {
      # OPNsense - Enable/Disable the line below based on firewall platform
      match => { "message" => "<(?<[event][id]>.*)>%{SYSLOGTIMESTAMP:[event][created]} %{SYSLOGHOST:[observer][name]} %{DATA:labels}(?:\[%{POSINT:pf_pid}\])?: %{GREEDYDATA:pf_message}" }
      ########################################################################################################################################
      # pfSense - Enable/Disable the line below based on firewall platform
      # match => { "message" => "<(?<[event][id]>.*)>%{SYSLOGTIMESTAMP:[event][created]} %{DATA:labels}(?:\[%{POSINT:[event][id]}\])?: %{GREEDYDATA:pf_message}" }
    }
    mutate {
      rename => { "[message]" => "[event][original]"}
      remove_tag => "Ready"
    }
  }
}

Update line 17/20 as needed for pfSense/OPNsense

ulisesgasco commented 4 years ago

@ulisesgasco - Can you provide a screenshot of Kibana>>Discover? Depending on how Docker was configured the network may be inhibiting proper filtering. Please update the 01-inputs.conf as follows, rebuild your docker and let me know if this corrects the issue:

# 01-inputs.conf
input {
  udp {
    port => 5140
  }
}
filter {
  mutate {
    add_tag => [ "pf", "Ready" ]
    add_field => [ "[observer][type]", "firewall" ]
  }  
}
filter {
  if "pf" in [tags] {
    grok {
      # OPNsense - Enable/Disable the line below based on firewall platform
      match => { "message" => "<(?<[event][id]>.*)>%{SYSLOGTIMESTAMP:[event][created]} %{SYSLOGHOST:[observer][name]} %{DATA:labels}(?:\[%{POSINT:pf_pid}\])?: %{GREEDYDATA:pf_message}" }
      ########################################################################################################################################
      # pfSense - Enable/Disable the line below based on firewall platform
      # match => { "message" => "<(?<[event][id]>.*)>%{SYSLOGTIMESTAMP:[event][created]} %{DATA:labels}(?:\[%{POSINT:[event][id]}\])?: %{GREEDYDATA:pf_message}" }
    }
    mutate {
      rename => { "[message]" => "[event][original]"}
      remove_tag => "Ready"
    }
  }
}

Update line 17/20 as needed for pfSense/OPNsense

same issue not working

note :- all traffics goes ------- openvpn clients not wan

a3ilson commented 4 years ago

@ulisesgasco - can you provide a screenshot of kibana>>discover?

ulisesgasco commented 4 years ago

I solved it

add map.proxyElasticMapsServiceInMaps true on kibana.yml

https://discuss.elastic.co/t/map-is-not-visible-in-kibana-7-1/186430/7

pfelk / docker

map not working #6