Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Users
Elasticsearch 6.6.2 and non-standard index names
cphillips at inei
Mar 25, 2019, 9:18 AM
Post #1 of 5 (832 views)
Permalink
Hello. I have be previously able (Elasticsearch 5.6) to import the ntopng-ES template into ES when the index name is not "ntopng." Since the template changed for ES 6 and above - is there a way to see the updated ntopng-ES template for ES6 so I can update my indices to pick up the geoip and IP fields? Currently they are number and string fields.

Thank you.

christina phillips / Director, IT Security Practice
Independent Network Consultants
e: cphillips@inei.com<mailto:cphillips@inei.com> m: 703.626.0385
http://incsecurity.wordpress.com<http://incsecurity.wordpress.com/>
Twitter: https://twitter.com/ITSecurityNinja
LinkedIn: www.linkedin.com/in/ChristinaPMBA<http://www.linkedin.com/in/ChristinaPMBA>
Re: Elasticsearch 6.6.2 and non-standard index names [ In reply to ]
mainardi at ntop
Mar 25, 2019, 10:01 AM
Post #2 of 5 (832 views)
Permalink
The ntopng ES6 template is available at: https://github.com/ntop/ntopng/blob/dev/httpdocs/misc/ntopng_template_elk6.json <https://github.com/ntop/ntopng/blob/dev/httpdocs/misc/ntopng_template_elk6.json>

ntopng automatically pushes it to ES when it detects it's version 6.

Simone

> On 25 Mar 2019, at 17:18, Christina Phillips <cphillips@inei.com> wrote:
>
> Hello. I have be previously able (Elasticsearch 5.6) to import the ntopng-ES template into ES when the index name is not “ntopng.” Since the template changed for ES 6 and above – is there a way to see the updated ntopng-ES template for ES6 so I can update my indices to pick up the geoip and IP fields? Currently they are number and string fields.
>
> Thank you.
>
> CHRISTINA PHILLIPS / Director, IT Security Practice
> INDEPENDENT NETWORK CONSULTANTS
> e: cphillips@inei.com <mailto:cphillips@inei.com> m: 703.626.0385 <tel:703.626.0385>
> http://incsecurity.wordpress.com <http://incsecurity.wordpress.com/>
> Twitter: https://twitter.com/ITSecurityNinja <https://twitter.com/ITSecurityNinja>
> LinkedIn: www.linkedin.com/in/ChristinaPMBA <http://www.linkedin.com/in/ChristinaPMBA>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
Re: Elasticsearch 6.6.2 and non-standard index names [ In reply to ]
cphillips at inei
Mar 25, 2019, 10:23 AM
Post #3 of 5 (832 views)
Permalink
Grazie

From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> On Behalf Of Simone Mainardi
Sent: Monday, March 25, 2019 1:01 PM
To: ntop@unipi.it
Subject: Re: [Ntop] Elasticsearch 6.6.2 and non-standard index names

The ntopng ES6 template is available at: https://github.com/ntop/ntopng/blob/dev/httpdocs/misc/ntopng_template_elk6.json

ntopng automatically pushes it to ES when it detects it's version 6.

Simone


On 25 Mar 2019, at 17:18, Christina Phillips <cphillips@inei.com<mailto:cphillips@inei.com>> wrote:

Hello. I have be previously able (Elasticsearch 5.6) to import the ntopng-ES template into ES when the index name is not “ntopng.” Since the template changed for ES 6 and above – is there a way to see the updated ntopng-ES template for ES6 so I can update my indices to pick up the geoip and IP fields? Currently they are number and string fields.

Thank you.

CHRISTINA PHILLIPS / Director, IT Security Practice
INDEPENDENT NETWORK CONSULTANTS
e: cphillips@inei.com<mailto:cphillips@inei.com> m: 703.626.0385<tel:703.626.0385>
http://incsecurity.wordpress.com<http://incsecurity.wordpress.com/>
Twitter: https://twitter.com/ITSecurityNinja
LinkedIn: www.linkedin.com/in/ChristinaPMBA<http://www.linkedin.com/in/ChristinaPMBA>


_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Elasticsearch 6.6.2 and non-standard index names [ In reply to ]
cphillips at inei
Mar 25, 2019, 12:29 PM
Post #4 of 5 (831 views)
Permalink
Simone, true – however the automatic push is only when the index is named ntopng-* or a variant thereof.

From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> On Behalf Of Simone Mainardi
Sent: Monday, March 25, 2019 1:01 PM
To: ntop@unipi.it
Subject: Re: [Ntop] Elasticsearch 6.6.2 and non-standard index names

The ntopng ES6 template is available at: https://github.com/ntop/ntopng/blob/dev/httpdocs/misc/ntopng_template_elk6.json

ntopng automatically pushes it to ES when it detects it's version 6.

Simone


On 25 Mar 2019, at 17:18, Christina Phillips <cphillips@inei.com<mailto:cphillips@inei.com>> wrote:

Hello. I have be previously able (Elasticsearch 5.6) to import the ntopng-ES template into ES when the index name is not “ntopng.” Since the template changed for ES 6 and above – is there a way to see the updated ntopng-ES template for ES6 so I can update my indices to pick up the geoip and IP fields? Currently they are number and string fields.

Thank you.

CHRISTINA PHILLIPS / Director, IT Security Practice
INDEPENDENT NETWORK CONSULTANTS
e: cphillips@inei.com<mailto:cphillips@inei.com> m: 703.626.0385<tel:703.626.0385>
http://incsecurity.wordpress.com<http://incsecurity.wordpress.com/>
Twitter: https://twitter.com/ITSecurityNinja
LinkedIn: www.linkedin.com/in/ChristinaPMBA<http://www.linkedin.com/in/ChristinaPMBA>


_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Elasticsearch 6.6.2 and non-standard index names [ In reply to ]
mainardi at ntop
Mar 27, 2019, 2:47 AM
Post #5 of 5 (827 views)
Permalink
Correct.


We didn't want the template to be possibly applied to all the ES indices with potentially unpredictable behaviors, so we used the prefix ntopng-


Simone

> On 25 Mar 2019, at 20:29, Christina Phillips <cphillips@inei.com> wrote:
>
> Simone, true – however the automatic push is only when the index is named ntopng-* or a variant thereof.
>
> From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> On Behalf Of Simone Mainardi
> Sent: Monday, March 25, 2019 1:01 PM
> To: ntop@unipi.it
> Subject: Re: [Ntop] Elasticsearch 6.6.2 and non-standard index names
>
> The ntopng ES6 template is available at: https://github.com/ntop/ntopng/blob/dev/httpdocs/misc/ntopng_template_elk6.json <https://github.com/ntop/ntopng/blob/dev/httpdocs/misc/ntopng_template_elk6.json>
>
> ntopng automatically pushes it to ES when it detects it's version 6.
>
> Simone
>
>
> On 25 Mar 2019, at 17:18, Christina Phillips <cphillips@inei.com <mailto:cphillips@inei.com>> wrote:
>
> Hello. I have be previously able (Elasticsearch 5.6) to import the ntopng-ES template into ES when the index name is not “ntopng.” Since the template changed for ES 6 and above – is there a way to see the updated ntopng-ES template for ES6 so I can update my indices to pick up the geoip and IP fields? Currently they are number and string fields.
>
> Thank you.
>
> CHRISTINA PHILLIPS / Director, IT Security Practice
> INDEPENDENT NETWORK CONSULTANTS
> e: cphillips@inei.com <mailto:cphillips@inei.com> m: 703.626.0385 <tel:703.626.0385>
> http://incsecurity.wordpress.com <http://incsecurity.wordpress.com/>
> Twitter: https://twitter.com/ITSecurityNinja <https://twitter.com/ITSecurityNinja>
> LinkedIn: www.linkedin.com/in/ChristinaPMBA <http://www.linkedin.com/in/ChristinaPMBA>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal