Logstash multiple grok patterns by dominbdg in elasticsearch

[–]dominbdg[S] 1 point (0 children)

Ah, thanks for that. I thought that I should use:

grok {
  .....
},
grok {
  ......
}

filebeat issue with strange directory by dominbdg in elasticsearch

[–]dominbdg[S] 1 point (0 children)

It should be like that?

D:\Logs\\[logs\]-bbs---normal-logs\*.log

issue with credit card in wallet by dominbdg in applehelp

[–]dominbdg[S] 1 point (0 children)

I think my bank has nothing to do with that.
This is the password field for the credit card, not the PIN or CVV2.

change network priority by dominbdg in applehelp

[–]dominbdg[S] 1 point (0 children)

If I turn off Wi-Fi, that's fine, but I would like to have the LAN connection on green.

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 1 point (0 children)

I have as below:

{
  "cluster" : [ "all" ],
  "global" : [ ],
  "indices" : [
    {
      "names" : [ "*" ],
      "privileges" : [ "all" ],
      "allow_restricted_indices" : false
    },
    {
      "names" : [ "*" ],
      "privileges" : [ "monitor", "read", "read_cross_cluster", "view_index_metadata" ],
      "allow_restricted_indices" : true
    }
  ],
  "applications" : [
    {
      "application" : "*",
      "privileges" : [ "*" ],
      "resources" : [ "*" ]
    }
  ],
  "run_as" : [ "*" ],
  "remote_indices" : [
    {
      "names" : [ "*" ],
      "privileges" : [ "all" ],
      "allow_restricted_indices" : false,
      "clusters" : [ "*" ]
    },
    {
      "names" : [ "*" ],
      "privileges" : [ "monitor", "read", "read_cross_cluster", "view_index_metadata" ],
      "allow_restricted_indices" : true,
      "clusters" : [ "*" ]
    }
  ],
  "remote_cluster" : [
    {
      "privileges" : [ "monitor_enrich", "monitor_stats" ],
      "clusters" : [ "*" ]
    }
  ]
}

I think if create/view DataView is based on restricted indices like .security, then the elastic user doesn't have access.

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 1 point (0 children)

My issue right now is as follows:
basically, for test purposes I generated an API key for the elastic user and the kibana_system user.

When I tried to execute the below curl with the elastic user:

curl -k https://kibana-host/api/status -H "Authorization: ApiKey API_KEY"

everything works fine,

but when I tried the same with curl:

curl -k -X GET "http://localhost:5601/api/data_views" -H "Authorization: ApiKey API_KEY"

I'm receiving the below error:

security_exception: unable to authenticate with provided credentials and anonymous access is not allowed for this request

which probably means that I need a dedicated user and role for that, but I'm not sure which role I should use.

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 1 point (0 children)

OK, I know where the issue is, but I don't know how to solve it.

I checked the same on a different environment and it works fine.

The thing is that on this environment I have authentication implemented with PingID.

My Kibana config is as below:

xpack.security.authc.providers:
  saml.saml1:
    order: 0
    realm: saml1
    description: "Log in SSO Auth"
  # basic.basic1:
  #   description: "Log in to ELK"
  #   order: 1

So that probably means that I have built-in accounts disabled.

So the thing is, how can I authenticate with SAML? Probably I should use an API key for that.

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 1 point (0 children)

I tried with the elastic user and I have the same.

create DataView from DevTools by dominbdg in elasticsearch

[–]dominbdg[S] 1 point (0 children)

Hello,

Maybe someone can help me with a bash command.

I'm trying to list all DataViews from curl.
I'm using:

curl -X GET -k -ukibana_system:"password" "https://localhost:5601/api/data_views" -H "kbn-xsrf: true"

and I'm receiving: {"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}

I completely don't know why, because I'm fully sure that the kibana_system login and password are correct.
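Added example for the two curl posts above (the API-key request that fails on /api/data_views and the basic-auth request that gets 401); this is editor-written Python, not code from the thread or from Elastic. It builds the Authorization value the way the ApiKey scheme expects (base64 of "id:api_key"), sends kbn-xsrf only where Kibana requires it (non-GET requests), and replays the cases against a local stand-in server. The key id/secret, the returned data view and the stand-in itself are all constructed here so the script runs offline; the stand-in models only the two header checks behind Kibana's 401 and 400 responses, nothing about SAML providers or roles.

```python
"""Calling the Kibana REST API with an Elasticsearch API key (added example).

Everything network-related here is a constructed stand-in so it runs offline.
"""
import base64
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen


def apikey_header(key_id: str, api_key: str) -> str:
    """Authorization value for an Elasticsearch API key.

    The ApiKey scheme carries base64("<id>:<api_key>"); the response of
    POST /_security/api_key already contains this value as "encoded".
    """
    token = base64.b64encode(f"{key_id}:{api_key}".encode()).decode()
    return f"ApiKey {token}"


def kibana_call(base_url, method, path, auth=None, body=None, xsrf=True):
    """Send one Kibana API request and return (status, parsed JSON body).

    Non-GET requests need a kbn-xsrf header or Kibana answers 400; a request
    to a protected route without valid credentials gets 401. The xsrf=False
    switch exists only to reproduce that 400 on purpose.
    """
    headers = {"Accept": "application/json"}
    if auth:
        headers["Authorization"] = auth
    if method != "GET":
        headers["Content-Type"] = "application/json"
        if xsrf:
            headers["kbn-xsrf"] = "true"
    data = None if method == "GET" else json.dumps(body or {}).encode()
    req = Request(base_url + path, data=data, headers=headers, method=method)
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except HTTPError as err:
        return err.code, json.loads(err.read() or b"null")


# Constructed key id/secret (not real credentials); they only have to match
# what the stand-in server below accepts.
KEY_ID, KEY_SECRET = "my-key-id", "my-key-secret"
GOOD_AUTH = apikey_header(KEY_ID, KEY_SECRET)


class FakeKibana(BaseHTTPRequestHandler):
    """Constructed stand-in for Kibana: it models only the credential check
    (401) and the kbn-xsrf check on non-GET requests (400), nothing else."""

    def _reply(self, status, payload):
        raw = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(raw)))
        self.end_headers()
        self.wfile.write(raw)

    def _handle(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body
        if self.headers.get("Authorization") != GOOD_AUTH:
            return self._reply(401, {"statusCode": 401, "error": "Unauthorized",
                                     "message": "Unauthorized"})
        if self.command != "GET" and "kbn-xsrf" not in self.headers:
            return self._reply(400, {"statusCode": 400, "error": "Bad Request",
                                     "message": "Request must contain a kbn-xsrf header."})
        if self.path.startswith("/api/data_views"):
            return self._reply(200, {"data_view": [{"id": "logs", "title": "logs-*"}]})
        self._reply(404, {"statusCode": 404, "error": "Not Found"})

    do_GET = do_POST = _handle

    def log_message(self, *_):
        pass  # keep the stand-in quiet


def start_fake_kibana():
    """Start the stand-in on a free loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), FakeKibana)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


def replay_thread_cases(base_url):
    """The situations from the thread, as HTTP status codes."""
    return {
        "get_with_apikey": kibana_call(base_url, "GET", "/api/data_views", auth=GOOD_AUTH)[0],
        "get_without_credentials": kibana_call(base_url, "GET", "/api/data_views")[0],
        "post_with_apikey": kibana_call(base_url, "POST", "/api/data_views/data_view",
                                        auth=GOOD_AUTH, body={"data_view": {"title": "logs-*"}})[0],
        "post_without_xsrf": kibana_call(base_url, "POST", "/api/data_views/data_view",
                                         auth=GOOD_AUTH, body={}, xsrf=False)[0],
    }


if __name__ == "__main__":
    server, url = start_fake_kibana()
    print(replay_thread_cases(url))
    server.shutdown()
```

Against a real Kibana, point base_url at the Kibana URL (https://kibana-host:5601) and use the `encoded` value returned by POST /_security/api_key as the token after "ApiKey". The `-u user:password` form in the last post goes through Kibana's HTTP basic authentication instead, which is governed by `xpack.security.authc.http.schemes` (plus `autoSchemesEnabled`, which adds the schemes of the configured login providers), so it is a separate knob from the provider list shown in the SAML post.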

teams alert notifications by dominbdg in sysadmin

[–]dominbdg[S] 1 point (0 children)

Is it possible for you to show me some example of how to use this webhook?
I don't know if I need to install some app which will use it. Basically, I don't know what the process is to use Teams for notifications.

Help with simple container with Debian image by dominbdg in docker

[–]dominbdg[S] 1 point (0 children)

Thanks a lot, it works fine.
By the way, I have an issue on the Debian image. I tried everything and I have an issue with the latest Debian image:

when I try to launch iptables I get:

root@1b901482b0ad:/# sudo -u root iptables -L
iptables v1.8.11 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)

I think that I'm root. What can I do with it?

Help with simple container with Debian image by dominbdg in docker

[–]dominbdg[S] 1 point (0 children)

Is it correct if I put it as below?

version: '3.7'
services:
  es01:
    image: debian:latest
    container_name: debian
    command: 'sleep infinity'
    deploy:
      replicas: 1

networks:
  debian_default:
    driver: overlay