Hello,
In the package auditbeat-oss-8.11.2-linux-x86_64, the dashboards can be found, but they are in json format.
Since kibana 7.3 the import format is ndjson.
Is there a way to find them in ndjson format ?
regards
Bonjour Jean 
Auditbeat can normally automatically create the dashboards. See https://www.elastic.co/guide/en/beats/auditbeat/8.11/configuration-dashboards.html:
To load the dashboards, you can either enable dashboard loading in the
setup.dashboardssection of theauditbeat.ymlconfig file, or you can run thesetupcommand. Dashboard loading is disabled by default.
Why would you like to do that manually?
Hello David,
Thanks for your reply.
I saw that auditbeat can do it using API, but from my auditbeat agent, I have no access to API, auditbeat is not directly connected to elk, it sends to a logstash service which is sending to elk.
That's why i'm searching a way to import dashboards manually.
Regards
Hi,
You would need to convert the JSON files to NDJSON format manually, this is a very basic way to convert and might not work for complex JSON objects. There are also online tools available that can convert JSON to NDJSON.
Once you have the NDJSON file, you can import it into Kibana manually.
I see. Out of curiosity, what do you need Logstash for in that case?
Because, auditbeat agents (as others log providers) are not in the same network zone than elk.
I've created a temporary elk docker near the auditbeat agents, then import the dashboard with the setup command, and then I've been able to export/import in the ndjson format
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.