FLOW Visualizations appear broken in 2.1.0


#1

I’m trying to analyze flows and wanted to try using the FLOW visualizations, but they’re all broken. I installed from rocknsm-2.1.0.iso. Apologies in advance - I’m new to RockNSM AND to the ELK stack…

I’ve been running a decent amount of traffic through the box and all the existing indexes are populated, all the Bro and Suricata index patterns are marked “Searchable”, but the index pattern fields referenced below are missing. I’m able to find similarly named ones.

Example:
Missing: meta.geoip_dest.country_code2
Found: @meta.geoip_resp.country_code2

Questions:

  • Have they been renamed?
  • If so, how can I fix them?

Some Details:
All five report:
There is a problem with this saved object
A field associated with this object no longer exists in the index pattern.
If you know what this error means, go ahead and fix it — otherwise click the delete button above.

Individually they report the following "Saved object is missing" errors:

  • FLOW - Bytes to Server: Could not locate that index-pattern-field (id: @meta.geoip_dest.country_code2.keyword)
  • FLOW - Bytes to Client: Could not locate that index-pattern-field (id: @meta.geoip_src.country_code2.keyword)
  • FLOW - Connection Flows: Could not locate that index-pattern-field (id: src_ip.keyword)
  • FLOW - Top Clients By Data: Could not locate that index-pattern-field (id: src_ip.keyword)
  • FLOW - Top Destinations By Data: Could not locate that index-pattern-field (id: dest_ip.keyword)

Thanks for any help!