Custom index does NOT show in Kibana

panagiss · August 15, 2021, 8:01pm

I'm outputting a custom index from Logstash to Elastisearch but it won't show in KIbana's main dashboards (e.g. Security panel / data sources).

While it will show in index management in settings.

Here is the how output data into the index from logstash:

output{

    elasticsearch{
        hosts => ["https://localhost:9200"]
        index => "logstash-misp-enriched"
        user => logstash_user
        password => "apass"
        ssl => true
        cacert => "./elasticsearch-ca.pem"
        http_compression => true
	sniffing => false
    }
}

stephenb · August 15, 2021, 8:13pm

Did you create and index pattern?
Index patterns is what dashboards work with not individual indices

panagiss · August 15, 2021, 10:52pm

Thanks for the answer. It cleared a lot of things in my head.
One more question:

I make my own custom schema in terms of event fields. So do i have to use the ECS, or few of the ECS's fields, or i can make my own visualizations in Kibana with custom fields?

What do you suggest?
Thanks again

stephenb · August 15, 2021, 11:08pm

Glad we could help.

That's a bit bigger question.

There are certainly advantaged of mapping to ECS If you want to take advantage of the security analytics applications within Kibana and some of the default detections and other features etc.

But it's not required if you want to do everything custom.

You can read about that here

system · September 12, 2021, 11:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.