Elastic.co Kibana Report

(bruno.dev) #1

Hi, i have this licence free elastic.co running on PI3. it's work like a charm, RAM 75% full. I am looking for a solution to create a report. The report will be a letter and a data table containing evidences (IP address, syslog firewall message , port attacked, timestamp). I will send the report per email. I can ran python too or mix has i do it for this project. The data table visualization need a parameter which is the IP to search in the index.
What would you suggest as best strategy ? thanks regards. My constraints are RAM and cost as it's for home but i can also use and another PI (i could accept).
thanks for tips :fireworks:

(Joe Fleming) #2

Start with a dashboard showing all the pieces of information you want. It sounds like you just need a simple datatable vis, but add whatever else you think is useful.

The data table visualization need a parameter which is the IP to search in the index.

The only way to do this programmatically in Kibana is to modify a filter parameter in the URL. So, for example, on the dashboard you created, add a filter for a given IP address. You'll see this filter and IP in the URL for the page, and you can use that URL as a template for changing the filter. Change the IP in the URL and you'll see the dashboard update and apply a filter for the IP you changed it to.

Once you have that, you can use that URL with the Reporting feature in X-Pack to generate a PDF of the dashboard. The easiest way to do this is to use the Watcher feature in X-Pack, which will also handle the e-mail sending for you. The docs for creating an automated Watch shows how to use Watcher and Reporting together to send an email. The URL you use in the watch will be the generated URL with your desired IP address in the filter.

Note that both of these features require a paid license for X-Pack, unless you only need CSV output, in which case the free Reporting feature will provide that. If you prefer to stick with the free offerings, you'll need to roll your own thing to create the report and email it off. Using cron or writing a custom thing in Python would work.

(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.