In this chapter we will:
- Set up Kibana in order to view your logs
- Import some premade dashboards
- Check you are getting logs from your clients
Once you have completed chapters 1 to 3, you can import a set of Kibana dashboards that we have created. These will help visualise the logs, and answer questions like 'What patch level are my clients running?'.
In a web browser, navigate to https://your_Linux_server and authenticate with the credentials provided in Chapter 3.2.
First you will need to create an index. If you would like to use the pre-made dashboards, the import process creates the index for you.
The dashboard and visualisation objects are contained within an NDJSON file (previously JSON) and can be easily imported by clicking ‘Management’ -> ‘Saved Objects’. Follow the steps in Figure 1. The NDJSON files are located in Chapter 4 Files\dashboard 'version'.ndjson.
Figure 1 - Steps to import objects
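To review what a dashboard file contains before importing it, the following Python script (an added example, not part of LME) lists the saved objects in an NDJSON export and reports references that do not resolve within the file. It assumes the usual Kibana export layout: one JSON object per line with `type`, `id`, `attributes.title` and `references`, plus a trailing summary line containing `exportedCount`. The function name `inspect_export` and the sample data are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample standing in for a dashboard export; not the LME file.
_SAMPLE = [
    {"type": "index-pattern", "id": "ip-1",
     "attributes": {"title": "example-*"}, "references": []},
    {"type": "visualization", "id": "vis-1",
     "attributes": {"title": "Example patch levels"},
     "references": [{"type": "index-pattern", "id": "ip-1", "name": "index"}]},
    {"type": "dashboard", "id": "dash-1",
     "attributes": {"title": "Example overview"},
     "references": [{"type": "visualization", "id": "vis-1", "name": "panel_0"},
                    {"type": "visualization", "id": "vis-missing", "name": "panel_1"}]},
    {"exportedCount": 3, "missingRefCount": 0, "missingReferences": []},
]
SAMPLE_NDJSON = "\n".join(json.dumps(obj) for obj in _SAMPLE)

def inspect_export(text):
    """Summarise an NDJSON saved-objects export (assumed Kibana layout)."""
    objects, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append(f"line {lineno}: invalid JSON ({exc.msg})")
            continue
        if isinstance(record, dict) and "exportedCount" in record:
            continue  # trailing export summary, not a saved object
        if not isinstance(record, dict) or "type" not in record or "id" not in record:
            errors.append(f"line {lineno}: not a saved object")
            continue
        objects[(record["type"], record["id"])] = record
    # A reference is unresolved when its target is not defined in this file.
    unresolved = sorted(
        (f"{otype}:{oid}", f"{ref.get('type')}:{ref.get('id')}")
        for (otype, oid), rec in objects.items()
        for ref in rec.get("references", [])
        if (ref.get("type"), ref.get("id")) not in objects
    )
    titles = sorted(rec.get("attributes", {}).get("title", "") for rec in objects.values())
    counts = dict(Counter(otype for otype, _ in objects))
    return {"counts": counts, "titles": titles, "unresolved": unresolved, "errors": errors}

if __name__ == "__main__":
    print(json.dumps(inspect_export(SAMPLE_NDJSON), indent=2))
```

To check a real file, pass its contents to `inspect_export`; an `index-pattern` entry in `counts` indicates the import will create the index for you.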
A number of the dashboards should automatically be visible under the ‘Dashboard’ tab on the left-hand side.
Click on the 'Dashboard' tab on the left-hand side, then select 'HealthCheck Dashboard - Overview'. This will show a dashboard similar to Figure 2 (although the graphs will have less data on them).
Figure 2 - The LME HealthCheck Dashboard - Overview
In the top right-hand corner, click on 'Last 15 minutes' and select 'Today'. This will change the date range to only include today's data, and the dashboard will then have an accurate representation of machines that have been sending logs. Changing to 'Last 7 days' will be useful in the future to visualise logs over time. Please see Figure 3 below.
Figure 3 - Time range filter
If you have never used Kibana before, Elasticsearch have provided a number of videos exploring the features of Kibana and how to create new dashboards and analytics. https://www.youtube.com/playlist?list=PLhLSfisesZIvA8ad1J2DSdLWnTPtzWSfI