How to Change Default Index Pattern on Filebeat dashboards on Kibana

nunex_17 · August 15, 2021, 6:11pm

Hi.

I am having a hard time trying to figure this out. I changed the default index name to suricata-ids.

Also, added this line in order to use this new index on the default dashboards.

But still, default dashboards are pointing to filebeat index.

stephenb · August 15, 2021, 6:21pm

Did you clean out the old dashboards and the run setup again.

nunex_17 · August 15, 2021, 6:53pm

Yes, already did that again

stephenb · August 15, 2021, 6:59pm

Interesting this is not working for me either.... even when I clean out and run setup.

This seems like a bug... perhaps you could file a bug report.

What I did do ... and you can for a workaround is

edit the visualizations jsons from the filebeat directory

kibana/7/dashboard/filebeat-suricata-alert-overview.json
kibana/7/dashboard/filebeat-suricata-event-overview.json

And replace the filebeat-* with your suricata-ids-*

That seems to work for me. Obviously this is a work around.

Also Please don't post screenshots of text some people can not read it and it can not be searched on nor can we cut-n-paste to test.

Note : I asked a question internally as well.

nunex_17 · August 15, 2021, 7:51pm

Thank you!

Problem solved. I will file a bug report

system · September 12, 2021, 9:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Change filebeat default index name while using Suricata module Beats filebeat	4	331	May 25, 2021
Loading filebeat default dashboard while using different index name Beats filebeat	3	1232	July 15, 2019
Renaming example Kibana dashboards Beats filebeat	2	3680	April 13, 2018
Default kibana dashboards with custom index name Kibana beats-module	3	1122	December 6, 2019
Changing index for dashboard Kibana	2	544	November 14, 2019