THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Log into the Metron UI Dashboard: http://HOST_WITH_WEB_TAG:5000
- Select "Visualize" Tab --> Select "Line Chart" Visualization --> Select "From a new search" for Search Source --> Select "squid*" index source
- Configure the Visualization like the following:
- Click the Save Icon on the right right corner --> Name the Visualization "Squid Events Histogram" and click Save
- Select "Dashboard" Tab --> Click the plus icon --> Select "Visualization" tab --> Search for "Squid Events Histogram" --> Select it
- The visualization will be added to the bottom of the dashboard
- Click the save icon on the top right to save the dashboard.
Adding a Detail Panel
- Log into the Metron UI Dashboard: http://HOST_WITH_WEB_TAG:5000
- Select "Discover" Tab --> Select the "squid*" index
- Search for only docs in this index with type of squid_doc
- Type the following in search "_type: squid_doc"
- click the search icon
- Now we only to select subset of the fields that we want to display in the detail panel. In the left hand panel under "Available Fields", "add" the following fields:
- full_hostname
- ip_src_addr
- ip_dst_addr
- original_string
- method
- type
- The discover/search panel should look something like the following:
- Click the "Save" icon on the top right corner --> name the search "Squid Event Details" --> Click Save
- Select "Dashboard" Tab --> Click the plus icon --> Select "Searches" tab --> Search for "Squid Event Details" --> Select it
- The visualization will be added to the bottom of the dashboard
- Click the save icon on the top right to save the dashboard.
The Dashboard with the 3 Squid Panels
The following is what the new dashboard would look like with the 3 squid panels added.
