...
This article will introduce Metron's default dashboard that is built upon Kibana 4. It will cover the elements present in the dashboard and how you can extend the dashboard for your own purposes. This is Part 7 of a multi-part tutorial series covering Apache Metron (incubating).
- Metron Tutorial - Fundamentals Part 1: Creating a New Telemetry [DRAFT]
- Metron Tutorial - Fundamentals Part 2: Creating a New Enrichment [DRAFT]
- Metron Tutorial - Fundamentals Part 4: Pluggable Threat Intelligence
- Metron Tutorial - Fundamentals Part 5: Threat Triage
- Metron Tutorial - Fundamentals Part 6: Streaming Enrichment
...
Now that we have a Squid index with all of the right data types, we need to tell Kibana about this index.
...
4. Then click the 'Create' button.
Review the Squid Data
Now that Kibana is aware of the new Squid index, let's take a look at the data.
1. Click on `Discover` and then choose the newly created `squid*` index pattern.
2. By clicking any of the fields on the left menu, you can see a representation of the variety of data for that specific field.
3. Clicking on a specific record will show each field available in the data.
Save a Squid Search
Let's create a basic data table so that a user can inspect record-level details for Squid. In Kibana, this is done by creating a 'Saved Search'.
1. Click on `Discover` and then choose the newly created `squid*` index pattern.
...
3. Click on the 'Save' icon near the top-right to save the search.
...
Visualize the
...
Squid Data
After using the `Discover` panel to better understand the Squid data, let's create a few visualizations.
...