Kibana queries and Dashboard for rsyslog data

velpulap · January 12, 2019, 7:07am

Hi,

I'm new baby for ELK.

We have demo to show case the central logging using ELK Solution.

We have been provided with a small demo environment.

And our monitoring solution is Check_MK.

There are some machines like VMware and Nexenta Storage which don't have Check_MK agent installed, so these machines logs are forwarded to Logstash using rsyslog and we are able to see the indexes in Kibana.

There are some windows machines which have Check_MK agent, for which CMKbeat is used to get the info from Check_MK.

I'm trying to show case a demo to the team for all technologies mentioned above.

I'm have created couple of basic dashboards with sample search like error, warnings.

I think we still have more to fine tune this search and create dashboards.

Could you please help/guide me with sample use cases and example, so that i can try and replicate the same.

Thank you understanding.

stiltz · January 12, 2019, 6:17pm

If you're looking for some examples there are some on github if you search around. One of the nice examples with the code to support it is the arcsight module in x-pack.
Code: https://github.com/elastic/logstash/tree/master/x-pack/modules/arcsight/configuration/kibana/6.x
Screenshots: https://www.elastic.co/arcsight

I used these examples and code to get a better idea of how some of the "advanced" visualizations worked. Your data won't map exactly but it might help give you some ideas and place to start.

system · February 9, 2019, 6:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.