No data in dashboard

I followed the following guide to set up ElastiFlow under docker_install: GitHub - elastiflow/ElastiFlow-Tools: Script to easily install ElastiFlow for ElasticSearch with all dependencies

After the setup finished, I configured my FortiGate to send NetFlow logs to ElastiFlow. I can access Kibana, but I don't see any data on the dashboard.
When I tried to use the "Flow Exporter" I got the following error: Unable to fetch terms, error: Required one of fields [field, script], but none were specified.
I then checked in Analytics > Discover and was greeted with the error: Make sure that the data view elastiflow-flow-codex-* with index pattern elastiflow-flow-codex-* has matching indices and documents and that you have permission to view them.

Running tcpdump on the Linux server shows that the logs are being received. I also checked the FortiGate and I can see the packets are being sent, so I'm not really sure what the issue is.

Any help is appreciated.

Take a look at either your flowcoll.yml or your elastiflow_compose.yml and see which ports your flowcoll is listening on:

EF_FLOW_SERVER_UDP_PORT: '2055,4739,6343,9995'

Make sure the port your FortiGate is sending to is in this list.

EF_FLOW_SERVER_UDP_PORT: '2055,4739,6343,9995' is already configured in the elastiflow_compose.yml file, but I'm still not seeing anything.

Check the log with docker logs <instance name> to make sure there are no errors in writing to or setting up Elasticsearch indices. Logs, config files, and screenshots all help when trying to troubleshoot, so please provide what you can.
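As an added example (not part of the original thread and not ElastiFlow's own tooling), here is a small Python script that cross-checks the two things suggested above: the EF_FLOW_SERVER_UDP_PORT list from elastiflow_compose.yml or flowcoll.yml, and the destination ports actually seen in tcpdump output. It reports, per exporter source address, how many UDP datagrams hit each destination port and whether flowcoll is configured to listen there. The compose fragment and the tcpdump lines below are constructed sample data; the second tcpdump line deliberately targets a port that is not in the list to show what a mismatch looks like.

```python
"""Cross-check exporter destination ports against flowcoll's UDP listen list.

Added example, not ElastiFlow project code. Sample inputs are constructed.
"""
import re

# Constructed fragment of an elastiflow_compose.yml (not the real file).
COMPOSE_YML = """\
services:
  flow-collector:
    image: elastiflow/flow-collector
    environment:
      EF_FLOW_SERVER_UDP_IP: '0.0.0.0'
      EF_FLOW_SERVER_UDP_PORT: '2055,4739,6343,9995'
"""

# Constructed lines in the shape `tcpdump -nn udp` prints (not a real capture).
# 192.168.1.1 stands in for the FortiGate, 192.168.1.50 for the collector host.
TCPDUMP_OUTPUT = """\
12:00:01.000001 IP 192.168.1.1.5000 > 192.168.1.50.2055: UDP, length 1464
12:00:01.000002 IP 192.168.1.1.5000 > 192.168.1.50.2056: UDP, length 1464
12:00:02.000003 IP 192.168.1.1.5000 > 192.168.1.50.2055: UDP, length 1464
"""

# Matches `KEY: 'v'`, `KEY: "v"`, `KEY=v`, and tolerates curly quotes that
# forum copy-paste often introduces into config snippets.
PORT_LIST_RE = re.compile(
    r"EF_FLOW_SERVER_UDP_PORT\s*[:=]\s*['\"\u2018\u2019]?([\d, ]+)['\"\u2018\u2019]?"
)

# `tcpdump -nn` line: `IP src.sport > dst.dport: UDP, length N`
TCPDUMP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)")


def listening_ports(config_text):
    """Return the set of UDP ports flowcoll is configured to listen on."""
    m = PORT_LIST_RE.search(config_text)
    if not m:
        return set()
    return {int(p) for p in m.group(1).split(",") if p.strip()}


def observed_destinations(tcpdump_text):
    """Count UDP datagrams per (source_ip, destination_port) in tcpdump output."""
    counts = {}
    for line in tcpdump_text.splitlines():
        m = TCPDUMP_RE.search(line)
        if not m:
            continue  # skip non-UDP or unparsable lines
        key = (m.group(1), int(m.group(4)))
        counts[key] = counts.get(key, 0) + 1
    return counts


def check_exporter(config_text, tcpdump_text):
    """Return [(source_ip, dest_port, datagram_count, listened_on)] sorted by key.

    listened_on is False when the exporter sends to a port that is absent from
    EF_FLOW_SERVER_UDP_PORT, which is the first thing to fix.
    """
    ports = listening_ports(config_text)
    dests = observed_destinations(tcpdump_text)
    return [(src, port, n, port in ports) for (src, port), n in sorted(dests.items())]


def main():
    print("flowcoll listens on UDP:", sorted(listening_ports(COMPOSE_YML)))
    for src, port, n, ok in check_exporter(COMPOSE_YML, TCPDUMP_OUTPUT):
        status = "OK" if ok else "NOT IN EF_FLOW_SERVER_UDP_PORT"
        print(f"{src} -> udp/{port}: {n} datagram(s)  {status}")


if __name__ == "__main__":
    main()
```

On a real host, replace the two constants with the contents of your elastiflow_compose.yml and the output of tcpdump -nn udp on the collector. A datagram count greater than zero on a port marked OK means the packets reach a port flowcoll should bind; if the dashboard is still empty at that point, the problem is downstream of the listener, which is where the docker logs check above comes in.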
