Regardless, I noticed that under Index Patterns, I have 4 *:logstash-* index patterns and one set as default. I've done nothing at this point but run the so-setup and add one logstash conf file, which I'd used in the past SO releases.
Should this happen? Can I safely delete the other 3?
Discover: Request Timeout after 30000ms
Error: Request Timeout after 30000ms
at https://X.X.X.X/bundles/kibana.bundle.js?v=16363:61:163257
at https://X.X.X.X/bundles/kibana.bundle.js?v=16363:61:163678
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Josh,
I'm not sure why there are multiple *:logstash-* index patterns in Kibana, but you should be able to remove the non-default one(s) without issue. In regard to the timeout issue, have you tried simply restarting with 'sudo so-elastic-restart'?
Thanks,
Wes
On Tue, Jan 30, 2018 at 9:30 AM, 'Josh Silvestro' via security-onion <security-onion@googlegroups.com> wrote:
Also, for almost every search I run I get
Discover: Request Timeout after 30000ms
Error: Request Timeout after 30000ms
at https://X.X.X.X/bundles/kibana.bundle.js?v=16363:61:163257
at https://X.X.X.X/bundles/kibana.bundle.js?v=16363:61:163678
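Added example, not part of the original thread: one way to tell which of several identically titled index patterns is the default and which are the removable extras, before deleting anything. It assumes the Kibana 6.x saved-object layout in the .kibana index (`type`, `index-pattern.title`, `config.defaultIndex`); the function name, ids and version string are constructed for illustration.

```python
from collections import defaultdict


def _pattern(obj_id, title):
    """Build one constructed index-pattern hit (assumed Kibana 6.x layout)."""
    return {"_id": "index-pattern:" + obj_id,
            "_source": {"type": "index-pattern",
                        "index-pattern": {"title": title}}}


# Constructed sample: what a search of the .kibana index might return when
# four patterns share one title. Ids and the version string are made up.
SAMPLE_HITS = [
    {"_id": "config:6.1.3",
     "_source": {"type": "config", "config": {"defaultIndex": "aaa-111"}}},
    _pattern("aaa-111", "*:logstash-*"),
    _pattern("bbb-222", "*:logstash-*"),
    _pattern("ccc-333", "*:logstash-*"),
    _pattern("ddd-444", "*:logstash-*"),
    _pattern("eee-555", "*:example-*"),
]


def duplicate_index_patterns(hits):
    """For every title that occurs more than once, report which saved object
    to keep (the default, if it is among them) and which are removable."""
    default_id = None
    by_title = defaultdict(list)
    for hit in hits:
        src = hit["_source"]
        if src.get("type") == "config":
            default_id = src.get("config", {}).get("defaultIndex")
        elif src.get("type") == "index-pattern":
            obj_id = hit["_id"].split(":", 1)[1]
            by_title[src["index-pattern"]["title"]].append(obj_id)
    report = {}
    for title, ids in by_title.items():
        if len(ids) < 2:
            continue  # unique title, nothing to clean up
        # If none of the duplicates is the default, keep the first one so the
        # title never disappears entirely.
        keep = default_id if default_id in ids else ids[0]
        report[title] = {"keep": keep,
                         "removable": [i for i in ids if i != keep]}
    return report


if __name__ == "__main__":
    for title, info in duplicate_index_patterns(SAMPLE_HITS).items():
        print(title, "keep:", info["keep"], "removable:", info["removable"])
```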
--
Thank You,
Joshua Silvestro
Not sure if it's just related to the latest version of Elasticsearch, because I fired up the Beta 3 and it ran fine no issues still with 250 sample size. Back to RC1 and a sample size of 50 yells at me.
I've confirmed I can duplicate the issue consistently with "Sample Size" changes. If I have 100+ it will time out. If I have (at this time) 50 or less it's fine. But again, with the data I've been testing with, 300 events, 50 or less show blocked, but I can't really know about the other 200+ without modifying down to finite time frames.
Or am I just going about it the wrong way?
Hi Josh,
I just tested in a VM with discover:sampleSize 500 and I'm not getting
any timeout errors. Are you able to duplicate this on a fresh
installation?
On Wed, Jan 31, 2018 at 1:08 PM, 'Josh Silvestro' via security-onion
<security-onion@googlegroups.com> wrote:
> On Wednesday, January 31, 2018 at 12:58:47 PM UTC-5, Josh Silvestro wrote:
>> So I'm still getting timeout issues. I've taken the sample size down to 50 now and still having time outs. Unless I'm improperly using it, a default sample size of 10 seems not always helpful. If a port scan or FTP brute force is attempted and I can only view 10 out of 100 events, I don't truly get a good grasp of the situation and if additional action is needed.
>>
>> Not sure if it's just related to the latest version of Elasticsearch, because I fired up the Beta 3 and it ran fine no issues still with 250 sample size. Back to RC1 and a sample size of 50 yells at me.
>
> I've confirmed I can duplicate the issue consistently with "Sample Size" changes. If I have 100+ it will time out. If I have (at this time) 50 or less it's fine. But again, with the data I've been testing with, 300 events, 50 or less show blocked, but I can't really know about the other 200+ without modifying down to finite time frames.
>
> Or am I just going about it the wrong way?
>
--
Doug Burks
Wasn't sure if I should open a new thread, but I seem to do that often. However, in RC2, I still have multiple *:logstash-* listed under index.
Hi Josh,
Did you upgrade, or install from the new ISO?
Thanks,
Wes
On Tue, Feb 20, 2018 at 5:36 PM, 'Josh Silvestro' via security-onion <security-onion@googlegroups.com> wrote:
Wasn't sure if I should open a new thread, but I seem to do that often. However, in RC2, I still have multiple *:logstash-* listed under index.
Thank You,
Joshua Silvestro