Sure, i have followed the below
As i mentioned in my first post that i am using logstash pipeline to use the Filebeat Dashboards.
- I have write the Grok pattern for my log line with all the required field which i need.
- Now restarted the logstash service in order made my changes effective.
- Now all the required fields were visible on Kibana dashboard.
Now we need to add our required field in SSH Login Attempt [Filebeat] dashboard.
We can add the filed according to us by making the changes in
Saved Searches for SSH Login Attempt Dashboard. We can reach there by following the below step:
- Click on
Discover tab on left hand site on kibana dashboard.
- Now click on
Open tab on right hand top corner in Kibana dashboard.
- Now you will see the list of many saved serches and choose SSH Login Attempt Dashboard.
- Once you open that dashboard in new tab you will see the list of all by defaults fields on left hand side of kibana dashbaord. Now you can add or remove as per your requirements.
- After making changes click on
save tab on kibana dashboard. Save without selecting
save as new serach.
I got above issue because earlier when i wrote my grok pattern none of the field were match with any by default fileds available in
SSH Login Attempt dashboard.
So again i made some changes in my Grok pattern and give the one field name as it is which available in by default fields. Now when i follow that same steps again to make changes in my SSH Login Attempts Dashboard and i saw all the newly created fields in list.
Above steps may be not quite clear. But i am hoping it will give a lead in that direction.