Manually loading Winlogbeat-overview.json into Kibana


(Chris Ruscio) #1

Is there a way to manually load the Winlogbeat dashboard into Kibana in an environment where the windows servers have no direct access to Elastic or Kibana? (Winlogbeat & Kibana 6.0.0)


(Nathan Reese) #2

Visualizations, saved searches, and dashboards can be manually added to Kibana under management => saved objects => Import.


(Chris Ruscio) #3

Hey @Nathan_Reese - I tried importing Winlogbeat-overview.json from winlogbeat-6.0.0-windows-x86_64 this morning, and got the following message: Saved Objects: Saved objects file format is invalid and cannot be imported.

The file looks like a collection of a half dozen visualizations and a dashboard. If I try to import an individual visualization (copy/paste to a new file, put array braces around the object),
[ { "attributes": { "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\n \"index\": \"winlogbeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" }, "title": "Number of Events Over Time By Event Log", "uiStateJSON": "{}", "version": 1, "visState": "{\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"log_name\",\n \"size\": 6,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" }, "id": "Number-of-Events-Over-Time-By-Event-Log", "type": "visualization", "version": 1 }]

Get the following error:
TypeError: Cannot read property 'title' of undefined
    at importDocument (http://127.214.175.158:5601/bundles/kibana.bundle.js?v=16070:160:20869)
    at Function.Promise.try (http://127.214.175.158:5601/bundles/commons.bundle.js?v=16070:86:22184)
    at http://127.214.175.158:5601/bundles/commons.bundle.js?v=16070:86:21568
    at Array.map (<anonymous>)
    at Function.Promise.map (http://127.214.175.158:5601/bundles/commons.bundle.js?v=16070:86:21523)
    at http://127.214.175.158:5601/bundles/kibana.bundle.js?v=16070:160:22225
    at processQueue (http://127.214.175.158:5601/bundles/commons.bundle.js?v=16070:39:9912)
    at http://127.214.175.158:5601/bundles/commons.bundle.js?v=16070:39:10805
    at Scope.$digest (http://127.214.175.158:5601/bundles/commons.bundle.js?v=16070:39:21741)
    at ChildScope.$apply (http://127.214.175.158:5601/bundles/commons.bundle.js?v=16070:39:24520)


(Chris Ruscio) #4

Ended up spinning up elastic/stack-docker locally, pointing a local Winlogbeat at that, exporting from there and importing back into production. Looks like there are some differences between the file delivered with Winlogbeat and the Kibana export, e.g. presence or lack of an underscore in key names.
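
The key-name difference mentioned in post #4, as an added example that is not part of the original thread or of Elastic's tooling. It assumes the Kibana 6.0 Import screen expects `_id`, `_type` and `_source` where the Winlogbeat file has `id`, `type` and `attributes`, and that the shipped file may wrap its list in an `objects` key; `to_export_format` is a hypothetical helper name.

```python
import json
import sys

# Assumed mapping (the thread only says "an underscore in key names"):
# Beats-style key -> key in a Kibana 6.0 Management > Saved Objects export.
KEY_MAP = {"id": "_id", "type": "_type", "attributes": "_source"}
# Attributes that hold JSON encoded as a string, as in the object in post #3.
JSON_STRING_FIELDS = ("visState", "uiStateJSON", "panelsJSON")

# Constructed sample, trimmed from the shape of the object posted in #3.
SAMPLE = [{
    "attributes": {"title": "Number of Events Over Time By Event Log",
                   "uiStateJSON": "{}", "version": 1,
                   "visState": "{\"type\": \"histogram\", \"aggs\": []}"},
    "id": "Number-of-Events-Over-Time-By-Event-Log",
    "type": "visualization",
    "version": 1,
}]


def to_export_format(doc):
    """Return the objects re-keyed as [{_id, _type, _source}, ...]."""
    # Assumption: the shipped file may wrap the list as {"objects": [...]}.
    objects = doc.get("objects") if isinstance(doc, dict) else doc
    if not isinstance(objects, list):
        raise ValueError("expected a list of saved objects")
    converted = []
    for n, obj in enumerate(objects):
        if not isinstance(obj, dict):
            raise ValueError(f"object {n} is not a JSON object")
        if all(k in obj for k in KEY_MAP.values()):
            converted.append(obj)  # already underscore-keyed, keep as is
            continue
        missing = [k for k in KEY_MAP if k not in obj]
        if missing:
            raise ValueError(f"object {n} is missing {missing}")
        for field in JSON_STRING_FIELDS:
            if field in obj["attributes"]:
                json.loads(obj["attributes"][field])  # fail early if corrupt
        converted.append({new: obj[old] for old, new in KEY_MAP.items()})
    return converted


if __name__ == "__main__":
    # Usage: python convert.py Winlogbeat-overview.json > importable.json
    with open(sys.argv[1], encoding="utf-8") as fh:
        json.dump(to_export_format(json.load(fh)), sys.stdout, indent=2)
```

Review the converted file before importing it into a production Kibana, since saved objects define the queries and index patterns analysts will rely on.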

