Show my user details in a table

(fayaz) #1

I am new to Kibana.
Elastic Stack version 6.6.1
Currently I have a setup Filebeat --> Logstash --> Elasticsearch --> Kibana.

I am using this to parse the IIS access logs.

I tried to load the default dashboard which comes with Filebeat, but that is not what I am looking for.

I want to show the user details in a table. How can I configure this?

| iis.access.user_name.keyword | number of hits | pages accessed |
|------------------------------|----------------|----------------|
| john                         | 20             | 20             |

Note: Instead of showing iis.access.user_name.keyword, which looks ugly, can I define a custom name for this value?

Similarly, I also want to create a table:

| iis.access.url.keyword | number |
|------------------------|--------|
| /xyz/123               | 20     |
| /123/xyz               | 30     |

Attached a sample image. Just wanted to show data similar to this.

(Josh Dover) #2

The easiest method would be to create a Data Table visualization by going to Visualize > New ("+" icon) > Data Table > Choose your index pattern.

  • In the left panel, under Buckets, choose Split Rows
  • Under the Aggregations dropdown, choose Terms (you may need to scroll)
  • Choose the "iis.access.user_name.keyword" field in the field dropdown
  • Select how many you'd like to display in the "Size" Field
  • Hit the "Play" button in the top right of the panel

(fayaz) #3

Thank you. I was able to create it. One more question. I am currently getting the username in my table. Is there a way to convert the username to the full name by hooking this up with our LDAP server?

(Josh Dover) #4

The most standard way of doing this would be to enrich the data as you index into Elasticsearch. Logstash has a feature called Lookup Enrichment that allows you to look up data from an outside service and add it to documents before sending them to Elasticsearch. You could use this to integrate with an LDAP server to look up user information and then display those added fields in your Kibana visualization.
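
One way to apply the enrichment described in the answer above, added here as an illustration and not part of the original thread: a Logstash `translate` filter that maps the parsed IIS user name to a full name from a dictionary file. It assumes a separate job exports username/full-name pairs from LDAP into that file, so the pipeline itself holds no LDAP bind credentials; the file path, the `user_full_name` field name and the sample entries are hypothetical.

```logstash
filter {
  # IIS writes "-" when the request was anonymous, so skip the lookup
  # for missing or placeholder user names.
  if [iis][access][user_name] and [iis][access][user_name] != "-" {
    translate {
      # Field produced by the IIS access log parsing (named on this page).
      field            => "[iis][access][user_name]"
      # New field to hold the looked-up full name (hypothetical name).
      destination      => "[iis][access][user_full_name]"
      # YAML dictionary exported from LDAP by a separate job (hypothetical path).
      # Constructed sample content:
      #   "john": "John Example"
      #   "jane": "Jane Example"
      dictionary_path  => "/etc/logstash/ldap_users.yml"
      # Re-read the dictionary every 5 minutes to pick up directory changes.
      refresh_interval => 300
      # Value stored when the user name is not in the dictionary.
      fallback         => "unknown"
    }
  }
}
```

The data table can then use a Terms aggregation on `iis.access.user_full_name.keyword` in place of the user name field.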

(fayaz) #5

@joshdover Thank you. Will try it and get back with you.
