WARNING: Version 1.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Before starting Packetbeat, you need to load the index template, which lets Elasticsearch know which fields should be analyzed in which way.
The recommended template file is installed by the Packetbeat packages. Load it with the following command:
deb or rpm:
curl -XPUT 'http://localhost:9200/_template/packetbeat' -d@/etc/packetbeat/packetbeat.template.json
mac:
cd packetbeat-1.1.2-darwin
curl -XPUT 'http://localhost:9200/_template/packetbeat' -d@packetbeat.template.json
win:
PS C:\Program Files\Packetbeat> Invoke-WebRequest -Method Put -InFile packetbeat.template.json -Uri http://localhost:9200/_template/packetbeat?pretty
In these commands, localhost:9200 is the IP and port where Elasticsearch is listening.
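curl exits with status 0 even when Elasticsearch answers with an HTTP error, so a rejected template can go unnoticed. The following added example (not part of the Packetbeat documentation) wraps the deb/rpm command in POSIX shell functions that check the HTTP status of the PUT and then confirm the template is stored. The function names and the ES_URL and TEMPLATE_FILE variables are assumptions of this example.

```sh
#!/bin/sh
# Added example: load the Packetbeat index template and verify that it was stored.
# Usage: source this file, then call load_template.
# ES_URL and TEMPLATE_FILE are names chosen for this example; the defaults
# mirror the deb/rpm command shown on this page.
ES_URL="${ES_URL:-http://localhost:9200}"
TEMPLATE_FILE="${TEMPLATE_FILE:-/etc/packetbeat/packetbeat.template.json}"

# http_status METHOD URL [extra curl args...]
# Prints only the HTTP status code; the response body is discarded.
http_status() {
    method="$1"; url="$2"; shift 2
    curl -sS -o /dev/null -w '%{http_code}' -X "$method" "$@" "$url"
}

# load_template
# Return codes: 0 loaded and verified, 2 file unreadable, 3 connection failure,
# 4 PUT rejected by Elasticsearch, 5 template missing after the PUT.
load_template() {
    [ -r "$TEMPLATE_FILE" ] || { echo "cannot read $TEMPLATE_FILE" >&2; return 2; }

    # --data-binary sends the file byte for byte.
    code=$(http_status PUT "$ES_URL/_template/packetbeat" \
        --data-binary "@$TEMPLATE_FILE") || return 3
    case "$code" in
        2??) ;;
        *) echo "template PUT rejected: HTTP $code" >&2; return 4 ;;
    esac

    # Read the template back so a silent failure cannot go unnoticed.
    code=$(http_status GET "$ES_URL/_template/packetbeat") || return 3
    [ "$code" = 200 ] || { echo "template not found after load: HTTP $code" >&2; return 5; }

    echo "packetbeat template loaded into $ES_URL"
}
```

Run load_template before starting Packetbeat and treat any non-zero return code as a reason not to start it.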
If you’ve already used Packetbeat to index data into Elasticsearch, the index may contain old documents. After you load the index template, you can delete the old documents from packetbeat-* to force Kibana to look at the newest documents. This removes every index that matches packetbeat-*, along with all the data in it. Use this command:
curl -XDELETE 'http://localhost:9200/packetbeat-*'