General Discussion / Re: Unable to get Telegraf plugin to send IPS data (suricata)
« on: July 27, 2021, 10:23:32 pm »
Having this in /usr/local/etc/telegraf.conf:
[[inputs.file]]
files = ["/tmp/eve.json"]
data_format = "json"
tag_keys = ["event_type","src_ip","src_port","dest_ip","dest_port"]
name_override = "suricata"
json_time_key = "timestamp"
json_time_format = "2006-01-02T15:04:05-0700"
... enables me to create this cell in an InfluxDB v2 dashboard:
from(bucket: "opnsense")
|> range(start: v.timeRangeStart, stop: v.timeRangeStop)
|> filter(fn: (r) => r["_measurement"] == "suricata")
|> group(columns: ["_time"])
|> last()
|> group()
|> keep(columns: ["_time", "src_ip", "src_port","event_type","dest_ip", "dest_port"])
Some kind of progress! Even though I don't fully understand what I am doing just yet.
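To make visible what the telegraf.conf above actually writes into the bucket, here is an added example (not code from the post or from Telegraf) that turns Suricata eve.json records into InfluxDB line protocol the way Telegraf's json parser does with that configuration: nested objects are flattened with "_", every JSON number becomes a float field, and strings are kept only when they are listed in tag_keys (strings not in json_string_fields are dropped). The eve.json records are constructed sample data, not real traffic. The second function counts the distinct series a batch of events produces; because src_port and dest_port are tags, each new client port opens a new series, which is the main thing to watch when reviewing this configuration for cardinality growth.

```python
"""Added example: emulate what Telegraf's inputs.file + json parser emits for
the telegraf.conf in the post, and count the series that result."""
import json
from datetime import datetime

# Tag keys and measurement name taken from the telegraf.conf in the post.
TAG_KEYS = ["event_type", "src_ip", "src_port", "dest_ip", "dest_port"]
MEASUREMENT = "suricata"

# Constructed sample eve.json lines (one JSON object per line, like Suricata writes).
# Addresses are documentation ranges; signature id and text are placeholders.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2021-07-27T22:23:32.123456+0200","flow_id":1,"event_type":"alert",'
    '"src_ip":"203.0.113.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP",'
    '"alert":{"signature_id":9000001,"severity":2,"signature":"CONSTRUCTED test alert"}}',
    '{"timestamp":"2021-07-27T22:23:33.000001+0200","flow_id":2,"event_type":"flow",'
    '"src_ip":"203.0.113.5","src_port":51235,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP",'
    '"flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":180,"bytes_toclient":0,"state":"new"}}',
    '{"timestamp":"2021-07-27T22:23:34.500000+0200","flow_id":3,"event_type":"alert",'
    '"src_ip":"203.0.113.5","src_port":51236,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP",'
    '"alert":{"signature_id":9000001,"severity":2,"signature":"CONSTRUCTED test alert"}}',
    '{"timestamp":"2021-07-27T22:23:35.250000+0200","flow_id":4,"event_type":"alert",'
    '"src_ip":"203.0.113.5","src_port":51238,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP",'
    '"alert":{"signature_id":9000001,"severity":2,"signature":"CONSTRUCTED test alert"}}',
]


def flatten(obj, prefix=""):
    """Flatten nested JSON objects into key_subkey, as Telegraf's json parser does."""
    out = {}
    for key, value in obj.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, name + "_"))
        else:
            out[name] = value
    return out


def escape_tag(text):
    """Line protocol escaping for tag keys, tag values and field keys."""
    return text.replace(",", "\\,").replace("=", "\\=").replace(" ", "\\ ")


def parse_event(line, tag_keys=TAG_KEYS):
    """Split one eve.json line into (tags, fields, timestamp_ns).

    Mirrors the config: json_time_key = "timestamp", tag_keys as given;
    numbers become float fields, booleans become boolean fields, and strings
    outside tag_keys are dropped (no json_string_fields configured).
    """
    record = json.loads(line)
    stamp = datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    ts_ns = int(stamp.timestamp()) * 10**9 + stamp.microsecond * 1000

    tags, fields = {}, {}
    for key, value in flatten(record).items():
        if key == "timestamp":
            continue
        if key in tag_keys:
            # Telegraf stringifies numeric/bool tag values; ports become tags like "51234".
            tags[key] = ("true" if value else "false") if isinstance(value, bool) else str(value)
        elif isinstance(value, bool):
            fields[key] = "true" if value else "false"
        elif isinstance(value, (int, float)):
            fields[key] = repr(float(value))
        # any other string is silently dropped, as Telegraf does without json_string_fields
    return tags, fields, ts_ns


def series_key(tags, measurement=MEASUREMENT):
    """Measurement plus sorted tag set: the identity of an InfluxDB series."""
    return measurement + "".join(
        f",{escape_tag(k)}={escape_tag(v)}" for k, v in sorted(tags.items())
    )


def eve_to_line_protocol(line, tag_keys=TAG_KEYS, measurement=MEASUREMENT):
    """Render one eve.json line as line protocol, or None if it has no fields
    (Telegraf drops metrics without fields)."""
    tags, fields, ts_ns = parse_event(line, tag_keys)
    if not fields:
        return None
    field_part = ",".join(f"{escape_tag(k)}={v}" for k, v in sorted(fields.items()))
    return f"{series_key(tags, measurement)} {field_part} {ts_ns}"


def unique_series(lines, tag_keys=TAG_KEYS):
    """Count how many distinct series a batch of eve.json lines creates with the given tag keys."""
    return len({series_key(parse_event(line, tag_keys)[0]) for line in lines})


if __name__ == "__main__":
    for sample in SAMPLE_EVE_LINES:
        print(eve_to_line_protocol(sample))
    print("series with ports as tags:", unique_series(SAMPLE_EVE_LINES))
    print("series without port tags:", unique_series(SAMPLE_EVE_LINES, ["event_type", "src_ip", "dest_ip"]))
```

Running it shows that the four constructed events, all from one client to one server, already produce four series because every source port differs, while the same events produce two series (one per event_type) when the port tags are left out. One more point worth checking against your own setup: inputs.file parses the complete file on every collection interval, so an eve.json that is never rotated gets re-sent each interval, which is likely why the Flux query above needs the group-by-time and last() step to collapse duplicates; inputs.tail follows the file and sends each line once.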