Visualization errors in Kibana

Hi there!

I see a lot of errors like the following in Kibana:

“Could not locate that visualization (id: be038c50-7634-11e7-816f-dfd8286d165a)”

I have run a git clone of the current rock-dashboards on https://github.com/rocknsm/rock-dashboards and imported the visualizations and dashboards in the new ndjson format, but that didn’t resolve it.

Would anyone have some pointers on getting the visualizations to work?

Thanks,

Andreas.

I had similar issues, posted but didn't get any pointers either - waiting for a new build - have tried the prebuilds but all show the same behaviour - in the interim I use suricata feeding a regular ELK stack via file and packetbeat which works out of the box and surprisingly well …

Thanks for sharing.

I also tried rebuilding a server, but that’s now failing at

TASK [bro : Install packages]:
“Transaction check error:\n file /etc/GeoIP.conf from install of geoipupdate-2.5.0-1.el7.x86_64 conflicts with file from package GeoIP-1.5.0-13.el7.x86_64”

Not sure what to do to get a working build, other than going deep into the Ansible playbooks.

Haven’t run into the GeoIP issue. I’ll take a look at that. With regards to the visualizations, checking out the rock-dashboards repo and using the ecs-configuration is currently your best bet. To do that, you’ll want to use the Elasticsearch config to import the new templates, and replace the existing Logstash pipeline to use the new Elastic Common Schema format. Then the Kibana visualizations in the ndjson format should show data. I recommend you remove any existing Kibana visualizations left from your previous install.
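
A check for the "Could not locate that visualization" symptom discussed in this thread, as an added example that is not part of the thread or of rock-dashboards: it lists references inside a saved-objects ndjson export that point at objects the file does not contain. It assumes the Kibana 7.x export layout (one JSON object per line with `type`, `id` and a `references` array, plus a trailing summary record); the helper names and sample ids are constructed.

```python
import json

def _obj(type_, id_, refs=()):
    """Build one saved-object line; refs is a list of (type, id) pairs."""
    return json.dumps({"type": type_, "id": id_, "attributes": {},
                       "references": [{"type": t, "id": i, "name": f"ref_{n}"}
                                      for n, (t, i) in enumerate(refs)]})

# Constructed sample export (ids are made up, not from rock-dashboards).
# The dashboard references two visualizations; only one is in the file.
SAMPLE_NDJSON = "\n".join([
    _obj("index-pattern", "idx-ecs"),
    _obj("visualization", "vis-conn", [("index-pattern", "idx-ecs")]),
    _obj("dashboard", "dash-net", [("visualization", "vis-conn"),
                                   ("visualization", "vis-missing")]),
    json.dumps({"exportedCount": 3, "missingRefCount": 1}),
])

def load_objects(text):
    """Parse ndjson, skipping blank lines and the trailing export summary."""
    objects = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: invalid JSON ({exc.msg})") from exc
        if "exportedCount" in obj:  # summary record, not a saved object
            continue
        objects.append(obj)
    return objects

def dangling_references(objects):
    """Return (owner_type, owner_id, ref_type, ref_id) for each reference
    whose target object is not present in the same file."""
    present = {(o["type"], o["id"]) for o in objects}
    return [(o["type"], o["id"], ref["type"], ref["id"])
            for o in objects
            for ref in o.get("references", [])
            if (ref["type"], ref["id"]) not in present]

if __name__ == "__main__":
    for owner_t, owner_id, ref_t, ref_id in dangling_references(
            load_objects(SAMPLE_NDJSON)):
        print(f"{owner_t} {owner_id} -> missing {ref_t} {ref_id}")
```

A reference reported here only matters if the target is also absent from the Kibana instance receiving the import.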