I have a SecurityOnion instance that's hosting an ELK 8.6.1 stack. I enabled the threat intelligence module and I have data coming in and could be visualized using the discovery tool. However , and from my research, when it comes to securityOnion the only way to have the filebeats' default dashboard is to import it as a saved object. I tried installing the filebeat package on a different host and going to filebeat > Kibana > dashboards and trying to convert the json file for the specific dashboard I want to an ndjson but apparently the types are not compatible. In the original json file, some objects within the top dashboard objects are valid JSON objects and when I try to import the ndjson after conversion into kibana it says that it is expecting a text for that field.
I tried looking online for valid ndjson instances of the dashboards but I can't seem to find any. Is there a simple way to achieve what am trying to achieve?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.