tweaking, bump elastic stack to 7.14.1, rebuild dashboards

docker/elk/logstash/dist/logstash.conf

@@ -314,6 +314,14 @@ filter {
     }
   }
 
+# Ddospot
+  if [type] == "Ddospot" {
+    date {
+      match => [ "time", "yyyy-MM-dd HH:mm:ss.SSSSSS" ]
+      remove_field => ["time"]
+    }
+  }
+
 # Dionaea
   if [type] == "Dionaea" {
     date {
@@ -534,18 +542,20 @@ filter {
 
 # Drop if parse fails
 if "_grokparsefailure" in [tags] { drop {} }
+if "_jsonparsefailure" in [tags] { drop {} }
+
 
 # Add geo coordinates / ASN info / IP rep.
   if [src_ip]  {
     geoip {
       cache_size => 10000
       source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/GeoLite2-City.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.2-java/vendor/GeoLite2-City.mmdb"
     }
     geoip {
       cache_size => 10000
       source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.1.3-java/vendor/GeoLite2-ASN.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.2-java/vendor/GeoLite2-ASN.mmdb"
     }
     translate {
       refresh_interval => 86400
@@ -576,6 +586,11 @@ if "_grokparsefailure" in [tags] { drop {} }
         convert => { "id" => "string" }
     }
   }
+  if [request] {
+    mutate {
+        convert => { "request" => "string" }
+    }
+  }
 
 # Add T-Pot hostname and external IP
 #  if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "CitrixHoneypot" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dicompot" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glutton" or [type] == "Honeysap" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Ipphoney" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {