Have you started ntopng with the -F es option? You can find a full example about its usage in ntopng's manpage.
Hi,
Looking at the source sent to Elasticsearch, it looks like the SRC_AS and DST_AS get bundled up into the JSON field, rather than being given their own field (which as part of the template I'd have expected them to be their own field), which had thrown me into thinking it was an ntopng issue.
Solved it with a different version of the GeoIPASNum.dat file.

Thanks,
--
Karl Austin
KDA Web Services Ltd.
Registered in England: 4114724
Midcity House, 17-21 Furnival Gate
Sheffield, South Yorkshire
S1 4QR, England
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
