...
4. Then click the 'Create' button.
Save a Squid Search
Let's create a basic data table so that a user can inspect record-level details for Squid. In Kibana, this is done by creating a 'Saved Search'
Info |
---|
Click on the image above to see each of these steps performed. |
1. Click on `Discover` and then choose the newly created `squid*` index pattern.
2. In the 'Fields' panel on the left, choose which fields to include in the saved search. Click the 'Add' button next to each field.
3. Click on the 'Save' icon near the top-right to save the search.
Review the Data
Now that Kibana is aware of the new Squid index, let's take a look at the data.
Info |
---|
Click on the image above to see each of these steps performed. |
...
After using the `Discover` panel to better understand the Squid data, let's create a few visualizations.
Info |
---|
Click on the image above to see each of these steps performed. |
...
6. Near the top-right side of the screen click on the 'Save' icon to save the visualization. Name it something appropriate. This will allow us to use the visualization in a dashboard later.
Customize the Dashboard
Info |
---|
Click on the image above to see each of these steps performed. |
...
4. Scroll to the bottom of the dashboard to find the visualization that was added. From here you can resize and move the visualization as needed.
5. Continue enhancing the dashboard by adding the 'Saved Search' that was previously created.
Summary
At this point you should be comfortable customizing a dashboard as you add new sources of telemetry to Metron. This article introduced Metron's default dashboard that is built upon Kibana 4. It covered the elements present in the dashboard and how you can extend the dashboard for your own purposes.
...