I suggest reading some of the kibana documentation. There are a lot of tutorials available online on kibana.
Simon > On 6 Dec 2017, at 15:12, Syed Hammad Tahir <mscs16...@itu.edu.pk> wrote: > > How do I do it using kibana dashboard? What would be the most easy way? > > > On Wed, Dec 6, 2017 at 7:35 PM, Simon Elliston Ball > <si...@simonellistonball.com <mailto:si...@simonellistonball.com>> wrote: > Agreed… for the users list I would just say use the Install Notebooks action, > and look at the squid example on the wiki, but since it was you who asked for > links, Otto, I went a bit dev list ;) > > Simon > > >> On 6 Dec 2017, at 14:33, Otto Fowler <ottobackwa...@gmail.com >> <mailto:ottobackwa...@gmail.com>> wrote: >> >> The issue is the requirement for people on the user list to go to the source. >> >> >> On December 6, 2017 at 09:16:39, Simon Elliston Ball >> (si...@simonellistonball.com <mailto:si...@simonellistonball.com>) wrote: >> >>> No problem, I’ll grant you it’s not in the most intuitive part of the >>> source tree to go digging in, but you can also get to the zeppelin bits via >>> the actions button on the Metron config section (Install Notebooks) >>> >>> If anyone has any good ideas (or code!) for sample zeppelin notebooks that >>> would be useful, you can add them to a specific instance of the platform >>> via the config/zeppelin/metron location and run the action again I believe, >>> and this would be a great place for more security people to contribute >>> sample run books for example. There are also efforts by commercial support >>> providers I believe to add more samples of both dashboards and use cases. >>> >>> Simon >>> >>>> On 6 Dec 2017, at 14:12, Otto Fowler <ottobackwa...@gmail.com >>>> <mailto:ottobackwa...@gmail.com>> wrote: >>>> >>>> Thanks Simon >>>> >>>> >>>> On December 6, 2017 at 09:11:50, Simon Elliston Ball >>>> (si...@simonellistonball.com <mailto:si...@simonellistonball.com>) wrote: >>>> >>>>> In product… Install Zeppelin Notebooks, and the samples including >>>>> notebooks at >>>>> https://github.com/apache/metron/tree/master/metron-platform/metron-indexing/src/main/config/zeppelin/metron >>>>> >>>>> <https://github.com/apache/metron/tree/master/metron-platform/metron-indexing/src/main/config/zeppelin/metron> >>>>> >>>>> as of course there are similar Kibana dashboards included, which are >>>>> examples of custom visualisation of metron data, there is also the run >>>>> book for visualising squid data in kibana on the docs wiki >>>>> https://cwiki.apache.org/confluence/display/METRON/Enhancing+Metron+Dashboard >>>>> >>>>> <https://cwiki.apache.org/confluence/display/METRON/Enhancing+Metron+Dashboard> >>>>> >>>>> Should at least get us started. >>>>> >>>>> Simon >>>>> >>>>>> On 6 Dec 2017, at 14:00, Otto Fowler <ottobackwa...@gmail.com >>>>>> <mailto:ottobackwa...@gmail.com>> wrote: >>>>>> >>>>>> Links? >>>>>> >>>>>> >>>>>> On December 6, 2017 at 08:18:23, Simon Elliston Ball >>>>>> (si...@simonellistonball.com <mailto:si...@simonellistonball.com>) wrote: >>>>>> >>>>>>> We do already have a number of example of exactly this, but sure if >>>>>>> someone feels like adding to those that would be great. >>>>>>> >>>>>>> Simon >>>>>>> >>>>>>>> On 6 Dec 2017, at 13:14, Otto Fowler <ottobackwa...@gmail.com >>>>>>>> <mailto:ottobackwa...@gmail.com>> wrote: >>>>>>>> >>>>>>>> Maybe a Jira logged for an ‘example’ notebook for this would be >>>>>>>> appropriate as well? >>>>>>>> >>>>>>>> >>>>>>>> On December 6, 2017 at 07:06:30, Simon Elliston Ball >>>>>>>> (si...@simonellistonball.com <mailto:si...@simonellistonball.com>) >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Yes. Consider a zeppelin notebook, or kibana dashboard for this. >>>>>>>>> >>>>>>>>> If you want to use these values for detection, consider building a >>>>>>>>> profile based on the stats objects (see the profiler section of the >>>>>>>>> documentation under analytics. >>>>>>>>> >>>>>>>>> Simon >>>>>>>>> >>>>>>>>> > On 6 Dec 2017, at 07:42, Syed Hammad Tahir <mscs16...@itu.edu.pk >>>>>>>>> > <mailto:mscs16...@itu.edu.pk>> wrote: >>>>>>>>> > >>>>>>>>> > Hi, >>>>>>>>> > >>>>>>>>> > Can I setup custom visualization to show lets say the peak netrwork >>>>>>>>> > usage traffic in a certain time? >>>>>>>>> > >>>>>>>>> > Regards. > >
