-
|
I have a 2.4.140 version distributed deployment with an airgapped managersearch, 2 search nodes, and 3 sensors. I recently installed arkime on the sensors and am receiving data from it (one of the sensors is attached to a simulated range) but I am not getting anything in Kibana. I dont see anything from zeek/suricata and my connections dashboard is empty. I am getting stuff in logs* data view but its mostly internal security onion notices. I checked the suricata logs and there are some alerts with the IPs in the simulated range but its not showing up in kibana. Is there more configuration I need to do to get those logs to kibana? Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
This is not supported. |
Beta Was this translation helpful? Give feedback.
-
|
What is not supported? Is Arkime not supported? Wasn't it included in a previous version? Would that have caused logstash not to work? |
Beta Was this translation helpful? Give feedback.
-
|
Arkime has never been supported in any version. I have no idea what happened to your logstash by installing unsupported tools. My guess is it messed up your elastic agent on the sensor and now your data pipeline is wrecked. |
Beta Was this translation helpful? Give feedback.
This is not supported.