Custom index does NOT show in Kibana

Elastic Stack Kibana
1

I'm outputting a custom index from Logstash to Elastisearch but it won't show in KIbana's main dashboards (e.g. Security panel / data sources). image

While it will show in index management in settings.

image
image948×804 30.2 KB

Here is the how output data into the index from logstash:

output{

    elasticsearch{
        hosts => ["https://localhost:9200"]
        index => "logstash-misp-enriched"
        user => logstash_user
        password => "apass"
        ssl => true
        cacert => "./elasticsearch-ca.pem"
        http_compression => true
	sniffing => false
    }
}
2

Did you create and index pattern?
Index patterns is what dashboards work with not individual indices

1 Like
3

Thanks for the answer. It cleared a lot of things in my head.
One more question:

I make my own custom schema in terms of event fields. So do i have to use the ECS, or few of the ECS's fields, or i can make my own visualizations in Kibana with custom fields?

What do you suggest?
Thanks again

4

Glad we could help.

That's a bit bigger question. :slight_smile:

There are certainly advantaged of mapping to ECS If you want to take advantage of the security analytics applications within Kibana and some of the default detections and other features etc.

But it's not required if you want to do everything custom.

You can read about that here

1 Like
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.