159 lines
5.3 KiB
Text
159 lines
5.3 KiB
Text
//////////////////////////////////////////////////////////////////////////
|
|
//// This content is shared by all Elastic Beats. Make sure you keep the
|
|
//// descriptions here generic enough to work for all Beats that include
|
|
//// this file. When using cross references, make sure that the cross
|
|
//// references resolve correctly for any files that include this one.
|
|
//// Use the appropriate variables defined in the index.asciidoc file to
|
|
//// resolve Beat names: beatname_uc and beatname_lc.
|
|
//// Use the following include to pull this content into a doc file:
|
|
//// include::../../libbeat/docs/dashboards.asciidoc[]
|
|
//////////////////////////////////////////////////////////////////////////
|
|
|
|
{beatname_uc} comes packaged with example Kibana dashboards, visualizations,
|
|
and searches for visualizing {beatname_uc} data in Kibana. Before you can use
|
|
the dashboards, you need to create the index pattern, +{beat_default_index_prefix}-*+, and
|
|
load the dashboards into Kibana. To do this, you can either run the `setup`
|
|
command (as described here) or
|
|
<<configuration-dashboards,configure dashboard loading>> in the
|
|
+{beatname_lc}.yml+ config file.
|
|
|
|
This requires a Kibana endpoint configuration. If you didn't already configure
|
|
a Kibana endpoint, see <<{beatname_lc}-configuration,configure {beatname_uc}>>.
|
|
|
|
Make sure Kibana is running before you perform this step. If you are accessing a
|
|
secured Kibana instance, make sure you've configured credentials as described in
|
|
<<{beatname_lc}-configuration>>.
|
|
|
|
To set up the Kibana dashboards for {beatname_uc}, use the appropriate command
|
|
for your system. The command shown here loads the dashboards from the {beatname_uc}
|
|
package. For more options, such as loading customized dashboards, see
|
|
{beatsdevguide}/import-dashboards.html[Importing Existing Beat Dashboards] in
|
|
the _Beats Developer Guide_.
|
|
ifndef::only-elasticsearch[]
|
|
If you've configured the Logstash output, see
|
|
<<load-dashboards-logstash>>.
|
|
endif::[]
|
|
|
|
ifdef::allplatforms[]
|
|
|
|
ifeval::["{requires-sudo}"=="yes"]
|
|
|
|
include::../../libbeat/docs/shared-note-sudo.asciidoc[]
|
|
|
|
endif::[]
|
|
|
|
*deb and rpm:*
|
|
|
|
["source","sh",subs="attributes"]
|
|
----------------------------------------------------------------------
|
|
{beatname_lc} setup --dashboards
|
|
----------------------------------------------------------------------
|
|
|
|
|
|
*mac:*
|
|
|
|
["source","sh",subs="attributes"]
|
|
----------------------------------------------------------------------
|
|
./{beatname_lc} setup --dashboards
|
|
----------------------------------------------------------------------
|
|
|
|
|
|
*docker:*
|
|
|
|
["source","sh",subs="attributes"]
|
|
----------------------------------------------------------------------
|
|
docker run --net="host" {dockerimage} setup --dashboards
|
|
----------------------------------------------------------------------
|
|
|
|
*win:*
|
|
|
|
endif::allplatforms[]
|
|
|
|
Open a PowerShell prompt as an Administrator (right-click the PowerShell icon
|
|
and select *Run As Administrator*).
|
|
|
|
From the PowerShell prompt, change to the directory where you installed {beatname_uc},
|
|
and run:
|
|
|
|
["source","sh",subs="attributes"]
|
|
----------------------------------------------------------------------
|
|
PS > .{backslash}{beatname_lc}.exe setup --dashboards
|
|
----------------------------------------------------------------------
|
|
|
|
ifndef::only-elasticsearch[]
|
|
[[load-dashboards-logstash]]
|
|
==== Set up dashboards for Logstash output
|
|
|
|
During dashboard loading, {beatname_uc} connects to Elasticsearch to check
|
|
version information. To load dashboards when the Logstash output is enabled, you
|
|
need to temporarily disable the Logstash output and enable Elasticsearch. To
|
|
connect to a secured Elasticsearch cluster, you also need to pass Elasticsearch
|
|
credentials.
|
|
|
|
TIP: The example shows a hard-coded password, but you should store sensitive
|
|
values in the <<keystore,secrets keystore>>.
|
|
|
|
ifdef::allplatforms[]
|
|
|
|
*deb and rpm:*
|
|
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
{beatname_lc} setup -e \
|
|
-E output.logstash.enabled=false \
|
|
-E output.elasticsearch.hosts=['localhost:9200'] \
|
|
-E output.elasticsearch.username={beat_default_index_prefix}_internal \
|
|
-E output.elasticsearch.password={pwd} \
|
|
-E setup.kibana.host=localhost:5601
|
|
----
|
|
|
|
|
|
*mac:*
|
|
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
./{beatname_lc} setup -e \
|
|
-E output.logstash.enabled=false \
|
|
-E output.elasticsearch.hosts=['localhost:9200'] \
|
|
-E output.elasticsearch.username={beat_default_index_prefix}_internal \
|
|
-E output.elasticsearch.password={pwd} \
|
|
-E setup.kibana.host=localhost:5601
|
|
----
|
|
|
|
|
|
*docker:*
|
|
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
docker run --net="host" {dockerimage} setup -e \
|
|
-E output.logstash.enabled=false \
|
|
-E output.elasticsearch.hosts=['localhost:9200'] \
|
|
-E output.elasticsearch.username={beat_default_index_prefix}_internal \
|
|
-E output.elasticsearch.password={pwd} \
|
|
-E setup.kibana.host=localhost:5601
|
|
----
|
|
|
|
|
|
*win:*
|
|
|
|
endif::allplatforms[]
|
|
|
|
Open a PowerShell prompt as an Administrator (right-click the PowerShell icon
|
|
and select *Run As Administrator*).
|
|
|
|
From the PowerShell prompt, change to the directory where you installed {beatname_uc},
|
|
and run:
|
|
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
PS > .{backslash}{beatname_lc}.exe setup -e `
|
|
-E output.logstash.enabled=false `
|
|
-E output.elasticsearch.hosts=['localhost:9200'] `
|
|
-E output.elasticsearch.username={beat_default_index_prefix}_internal `
|
|
-E output.elasticsearch.password={pwd} `
|
|
-E setup.kibana.host=localhost:5601
|
|
----
|
|
|
|
|
|
endif::only-elasticsearch[]
|
|
|