Setting up Packetbeat/Elasticsearch/kibana

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Setting up Packetbeat/Elasticsearch/kibana

Sarah Larysz
I have set up Packetbeat/Elasticsearch/kibana on a Windows 2012 server as per the instructions.

1:  The rev of Kibana is 3.1.1.
2:  Packetbeat is collecting some kind of data and indexes have been created in Elasticsearch.
3:  A web browser pointing to the Elasticsearch source responds with a JASON object listing.
4:  Kibana shows a generic dashboard, but there is no listing of dashboards under "load" and I don't know if kibana is seeing any data at all from packetbeat.

What have I done wrong, and how can I test for packetbeat data? Here's my site:

http://gazoslive.com/kibana/#/dashboard/file/default.json

Here is my config.js file (though I cannot find where in the javascript code this file is read):

/** @scratch /configuration/config.js/1
 *
 * == Configuration
 * config.js is where you will find the core Kibana configuration. This file contains parameter that
 * must be set before kibana is run for the first time.
 */
define(['settings'],
function (Settings) {
 

  /** @scratch /configuration/config.js/2
   *
   * === Parameters
   */
  return new Settings({

    /** @scratch /configuration/config.js/5
     *
     * ==== elasticsearch
     *
     * The URL to your elasticsearch server. You almost certainly don't
     * want +http://localhost:9200+ here. Even if Kibana and Elasticsearch are on
     * the same host. By default this will attempt to reach ES at the same host you have
     * kibana installed on. You probably want to set it to the FQDN of your
     * elasticsearch host
     *
     * Note: this can also be an object if you want to pass options to the http client. For example:
     *
     *  +elasticsearch: {server: "http://localhost:9200", withCredentials: true}+
     *
     * elasticsearch: "http://"+window.location.hostname+":9200",
     *
     */
    elasticsearch: "http://ihpgazos.cloudapp.net:9200",

    /** @scratch /configuration/config.js/5
     *
     * ==== default_route
     *
     * This is the default landing page when you don't specify a dashboard to load. You can specify
     * files, scripts or saved dashboards here. For example, if you had saved a dashboard called
     * `WebLogs' to elasticsearch you might use:
     *
     * default_route: '/dashboard/elasticsearch/WebLogs',
     */
    default_route     : '/dashboard/file/default.json',

    /** @scratch /configuration/config.js/5
     *
     * ==== kibana-int
     *
     * The default ES index to use for storing Kibana specific object
     * such as stored dashboards
     */
    kibana_index: "kibana-int",

    /** @scratch /configuration/config.js/5
     *
     * ==== panel_name
     *
     * An array of panel modules available. Panels will only be loaded when they are defined in the
     * dashboard, but this list is used in the "add panel" interface.
     */
    panel_names: [
      'histogram',
      'map',
      'goal',
      'table',
      'filtering',
      'timepicker',
      'text',
      'hits',
      'column',
      'trends',
      'bettermap',
      'query',
      'terms',
      'stats',
      'sparklines'
    ]
  });
});



All suggestions will be valued.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/0fe67bc4-d778-4ca6-a967-6e2033cc2f9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Setting up Packetbeat/Elasticsearch/kibana

Mark Walkom-2
Opening up ES to the world is asking for a lot of pain. You really need to lock it down.

Did you install kibana from the PB repo and load the dashboards script?

On 27 October 2014 07:13, Sarah Larysz <[hidden email]> wrote:
I have set up Packetbeat/Elasticsearch/kibana on a Windows 2012 server as per the instructions.

1:  The rev of Kibana is 3.1.1.
2:  Packetbeat is collecting some kind of data and indexes have been created in Elasticsearch.
3:  A web browser pointing to the Elasticsearch source responds with a JASON object listing.
4:  Kibana shows a generic dashboard, but there is no listing of dashboards under "load" and I don't know if kibana is seeing any data at all from packetbeat.

What have I done wrong, and how can I test for packetbeat data? Here's my site:

http://gazoslive.com/kibana/#/dashboard/file/default.json

Here is my config.js file (though I cannot find where in the javascript code this file is read):

/** @scratch /configuration/config.js/1
 *
 * == Configuration
 * config.js is where you will find the core Kibana configuration. This file contains parameter that
 * must be set before kibana is run for the first time.
 */
define(['settings'],
function (Settings) {
 

  /** @scratch /configuration/config.js/2
   *
   * === Parameters
   */
  return new Settings({

    /** @scratch /configuration/config.js/5
     *
     * ==== elasticsearch
     *
     * The URL to your elasticsearch server. You almost certainly don't
     * want +http://localhost:9200+ here. Even if Kibana and Elasticsearch are on
     * the same host. By default this will attempt to reach ES at the same host you have
     * kibana installed on. You probably want to set it to the FQDN of your
     * elasticsearch host
     *
     * Note: this can also be an object if you want to pass options to the http client. For example:
     *
     *  +elasticsearch: {server: "http://localhost:9200", withCredentials: true}+
     *
     * elasticsearch: "http://"+window.location.hostname+":9200",
     *
     */
    elasticsearch: "http://ihpgazos.cloudapp.net:9200",

    /** @scratch /configuration/config.js/5
     *
     * ==== default_route
     *
     * This is the default landing page when you don't specify a dashboard to load. You can specify
     * files, scripts or saved dashboards here. For example, if you had saved a dashboard called
     * `WebLogs' to elasticsearch you might use:
     *
     * default_route: '/dashboard/elasticsearch/WebLogs',
     */
    default_route     : '/dashboard/file/default.json',

    /** @scratch /configuration/config.js/5
     *
     * ==== kibana-int
     *
     * The default ES index to use for storing Kibana specific object
     * such as stored dashboards
     */
    kibana_index: "kibana-int",

    /** @scratch /configuration/config.js/5
     *
     * ==== panel_name
     *
     * An array of panel modules available. Panels will only be loaded when they are defined in the
     * dashboard, but this list is used in the "add panel" interface.
     */
    panel_names: [
      'histogram',
      'map',
      'goal',
      'table',
      'filtering',
      'timepicker',
      'text',
      'hits',
      'column',
      'trends',
      'bettermap',
      'query',
      'terms',
      'stats',
      'sparklines'
    ]
  });
});



All suggestions will be valued.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/0fe67bc4-d778-4ca6-a967-6e2033cc2f9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAF3ZnZmvhqiWXsctSmi2fRiO%2Bhyhz71A44vDN6Y%2BxrEifrxgkQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Setting up Packetbeat/Elasticsearch/kibana

Tudor Golubenco
In reply to this post by Sarah Larysz
Hi Sarah,

It looks to me like you installed the default Kibana3 instead of the extended Kibana version (which has a few panels specific for Packetbeat). You can download it from here: https://github.com/packetbeat/kibana/releases/tag/v3.1.0-pb

You can still view the dashboards by selecting them from the Load menu. For example: http://--redacted--.com/kibana/#/dashboard/elasticsearch/Packetbeat%2520Statistics
It seems to be working fine, it's just the extra widgets that don't work.

Like Mark said, please don't leave this instance open to the world. Because of the network traffic visibility that Packetbeat provides you are quite likely to leak information.

Best Regards,
Tudor

On Sunday, October 26, 2014 9:13:58 PM UTC+1, Sarah Larysz wrote:
I have set up Packetbeat/Elasticsearch/kibana on a Windows 2012 server as per the instructions.

1:  The rev of Kibana is 3.1.1.
2:  Packetbeat is collecting some kind of data and indexes have been created in Elasticsearch.
3:  A web browser pointing to the Elasticsearch source responds with a JASON object listing.
4:  Kibana shows a generic dashboard, but there is no listing of dashboards under "load" and I don't know if kibana is seeing any data at all from packetbeat.

What have I done wrong, and how can I test for packetbeat data? Here's my site:

<a href="http://gazoslive.com/kibana/#/dashboard/file/default.json" target="_blank" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Fgazoslive.com%2Fkibana%2F%23%2Fdashboard%2Ffile%2Fdefault.json\46sa\75D\46sntz\0751\46usg\75AFQjCNGs2X4Cq8JwDafoqCzXgdD4NiA_kw';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Fgazoslive.com%2Fkibana%2F%23%2Fdashboard%2Ffile%2Fdefault.json\46sa\75D\46sntz\0751\46usg\75AFQjCNGs2X4Cq8JwDafoqCzXgdD4NiA_kw';return true;">http://gazoslive.com/kibana/#/dashboard/file/default.json

Here is my config.js file (though I cannot find where in the javascript code this file is read):

/** @scratch /configuration/config.js/1
 *
 * == Configuration
 * config.js is where you will find the core Kibana configuration. This file contains parameter that
 * must be set before kibana is run for the first time.
 */
define(['settings'],
function (Settings) {
 

  /** @scratch /configuration/config.js/2
   *
   * === Parameters
   */
  return new Settings({

    /** @scratch /configuration/config.js/5
     *
     * ==== elasticsearch
     *
     * The URL to your elasticsearch server. You almost certainly don't
     * want +http://localhost:9200+ here. Even if Kibana and Elasticsearch are on
     * the same host. By default this will attempt to reach ES at the same host you have
     * kibana installed on. You probably want to set it to the FQDN of your
     * elasticsearch host
     *
     * Note: this can also be an object if you want to pass options to the http client. For example:
     *
     *  +elasticsearch: {server: "<a href="http://localhost:9200" target="_blank" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Flocalhost%3A9200\46sa\75D\46sntz\0751\46usg\75AFQjCNFH0wqeXA4AS1cOwazEejtyezdquw';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Flocalhost%3A9200\46sa\75D\46sntz\0751\46usg\75AFQjCNFH0wqeXA4AS1cOwazEejtyezdquw';return true;">http://localhost:9200", withCredentials: true}+
     *
     * elasticsearch: "http://"+window.location.hostname+":9200",
     *
     */
    elasticsearch: "<a href="http://ihpgazos.cloudapp.net:9200" target="_blank" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Fihpgazos.cloudapp.net%3A9200\46sa\75D\46sntz\0751\46usg\75AFQjCNFsSwlWVljcRvR4UcXd7OuSRcSyCg';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Fihpgazos.cloudapp.net%3A9200\46sa\75D\46sntz\0751\46usg\75AFQjCNFsSwlWVljcRvR4UcXd7OuSRcSyCg';return true;">http://ihpgazos.cloudapp.net:9200",

    /** @scratch /configuration/config.js/5
     *
     * ==== default_route
     *
     * This is the default landing page when you don't specify a dashboard to load. You can specify
     * files, scripts or saved dashboards here. For example, if you had saved a dashboard called
     * `WebLogs' to elasticsearch you might use:
     *
     * default_route: '/dashboard/elasticsearch/WebLogs',
     */
    default_route     : '/dashboard/file/default.json',

    /** @scratch /configuration/config.js/5
     *
     * ==== kibana-int
     *
     * The default ES index to use for storing Kibana specific object
     * such as stored dashboards
     */
    kibana_index: "kibana-int",

    /** @scratch /configuration/config.js/5
     *
     * ==== panel_name
     *
     * An array of panel modules available. Panels will only be loaded when they are defined in the
     * dashboard, but this list is used in the "add panel" interface.
     */
    panel_names: [
      'histogram',
      'map',
      'goal',
      'table',
      'filtering',
      'timepicker',
      'text',
      'hits',
      'column',
      'trends',
      'bettermap',
      'query',
      'terms',
      'stats',
      'sparklines'
    ]
  });
});



All suggestions will be valued.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/07ae376d-b6cd-4e53-bab2-bcdf30a565af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.