
fixed incorrect tagging

Pre-release
@nin9s nin9s released this 24 Sep 18:51
· 41 commits to master since this release

This is an intermediate release, as the grok logic needs some further tweaking ...

This release fixes some major issues I've discovered which led to incorrect mapping of log lines with tags:

  • request and query type
  • response domain to ip
  • cached domain to ip

This could lead to logs which are actually "cached domain to ip" being categorized as "response domain to ip". From this update on you should see A LOT more cached entries than ever before.
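As an added illustration (not the project's Logstash config, and not the exact patterns from any elk-hole release), the following Python shows one way such a mis-tagging happens: when the "response domain to ip" pattern only looks for `<domain> is <ip>` and is tried before the cached pattern, every dnsmasq `cached ... is ...` line is swallowed as a response. Anchoring each pattern on the dnsmasq keyword at the start of the message removes the dependency on pattern order. The sample log lines are constructed in dnsmasq's log format for this example.

```python
"""Added example: tag dnsmasq/Pi-hole log lines as request, response or cached.

Two pattern sets are shown: a loose one whose 'response' pattern also matches
cached answers (the failure mode described in the release notes), and an
anchored one. Neither is elk-hole's own grok config; both are assumptions
made for this example.
"""
import re
from collections import Counter

# Constructed sample lines in dnsmasq's log format (not captured from a real host).
SAMPLE_LOG = """\
Sep 24 18:51:00 pihole dnsmasq[1234]: query[A] example.com from 192.168.1.10
Sep 24 18:51:00 pihole dnsmasq[1234]: forwarded example.com to 9.9.9.9
Sep 24 18:51:00 pihole dnsmasq[1234]: reply example.com is 93.184.216.34
Sep 24 18:51:05 pihole dnsmasq[1234]: query[AAAA] example.com from 192.168.1.11
Sep 24 18:51:05 pihole dnsmasq[1234]: cached example.com is 2606:2800:220:1:248:1893:25c8:1946
Sep 24 18:51:09 pihole dnsmasq[1234]: query[A] example.com from 192.168.1.12
Sep 24 18:51:09 pihole dnsmasq[1234]: cached example.com is 93.184.216.34
"""

# Strip the syslog prefix; everything after "dnsmasq[pid]: " is the message.
MSG = re.compile(r"dnsmasq\[\d+\]: (?P<msg>.*)$")

# Loose patterns (hypothetical): the response pattern matches any
# "<domain> is <ip>" message, so with this ordering a cached answer is
# tagged as a response before the cached pattern is ever tried.
LOOSE = [
    ("request", re.compile(r"query\[(?P<qtype>\w+)\] (?P<domain>\S+) from (?P<client>\S+)")),
    ("response domain to ip", re.compile(r"(?P<domain>\S+) is (?P<ip>\S+)")),
    ("cached domain to ip", re.compile(r"cached (?P<domain>\S+) is (?P<ip>\S+)")),
]

# Fixed patterns: each one is anchored on the dnsmasq keyword that begins the
# message ("query[...]", "reply", "cached"), so order no longer matters.
FIXED = [
    ("request", re.compile(r"^query\[(?P<qtype>\w+)\] (?P<domain>\S+) from (?P<client>\S+)$")),
    ("response domain to ip", re.compile(r"^reply (?P<domain>\S+) is (?P<ip>\S+)$")),
    ("cached domain to ip", re.compile(r"^cached (?P<domain>\S+) is (?P<ip>\S+)$")),
]


def tag_line(line, patterns):
    """Return (tag, fields) for the first matching pattern, or (None, {})."""
    m = MSG.search(line)
    if not m:
        return None, {}
    msg = m.group("msg")
    for tag, pat in patterns:
        hit = pat.search(msg)
        if hit:
            return tag, hit.groupdict()
    return None, {}


def tag_counts(log, patterns):
    """Count how many lines land in each tag; this is what a dashboard sums."""
    counts = Counter()
    for line in log.splitlines():
        tag, _ = tag_line(line, patterns)
        if tag:
            counts[tag] += 1
    return dict(counts)


if __name__ == "__main__":
    # Loose patterns report zero cached entries; anchored ones report two.
    print("loose:", tag_counts(SAMPLE_LOG, LOOSE))
    print("fixed:", tag_counts(SAMPLE_LOG, FIXED))
```

The "forwarded" line is left untagged by both pattern sets because this example only covers the three tags named in the release notes.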

The dashboard also needed some fixing, as the request count in some visualizations was not counted correctly.

Note: the file ndjson/v7.x vis and dash/elk-hole - vis_and_dash.ndjson should be imported (select "overwrite") into Kibana's saved objects; it includes both the updated visualizations and the dashboard.

For this patch to work you only need to replace the following files:

  • 20-dns-syslog.conf
  • elk-hole - vis_and_dash.ndjson (import into Kibana's saved objects)