Monday, June 22, 2015

Monitoring ASA log with ELK part 2


If you missed the news, Kibana 4.1 was released two weeks ago (June 10, 2015), along with Elasticsearch 1.6 (June 9, 2015) and Logstash 1.5.1 (June 16, 2015).

This is a second post, this time about Kibana 4; the first post is here: monitoring-cisco-asa-logs-with-elk.html

IMHO, Kibana 4.1 is much more interesting than Kibana 4.0, but there is still some interesting work ongoing for the 4.2 release. I still prefer Kibana 3 on some points.

Dashboard migration in Kibana 4

Unfortunately, dashboards from Kibana 3 cannot be migrated to Kibana 4, but you can run both at the same time on your computer.

Since Kibana 4.1 lets us export objects, I have made an update to share new dashboards:
  • One is "Kibana 3 style"
    [Screenshot: former Kibana 3 Cisco ASA sample dashboard]
    [Screenshot: Kibana 3 style dashboard in Kibana 4]
  • The second uses some of the new features of Kibana 4.1:
    • Multiple aggregations
    • Field formatting with URL links
    [Screenshot: Kibana 4.1 dashboard]

Field formatting: URL

If you want to use URL links, you need to use the Field formatting feature. Go to Settings > Indices > select your index.
Then select (edit) the field on which you want to add a URL and change the "Format" combo box from "default" to "URL".
Then customize your URL and URL template. In this screenshot, the result displays "IPaddr # Google IT" and launches the URL. Do not forget to click on the "Update Field" button to confirm, and enjoy!
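As an added example that is not part of the original post, here is the same URL format expressed in Python: it builds the fieldFormatMap a Kibana 4.1 index pattern stores, renders the label and the link the way the GUI does, and shows why the encoded {{value}} placeholder is the right one for fields whose content comes from the logs. The field names src_ip/dst_ip, the Google search URL and the saved-object key names are assumptions to check against an export of your own index pattern.

```python
import json
from urllib.parse import quote

# Constructed example: URL formatting for two Cisco ASA fields in a Kibana 4.1
# index pattern. The field names src_ip/dst_ip, the Google search URL and the
# saved-object layout (format id "url", params urlTemplate/labelTemplate,
# fieldFormatMap stored as a JSON string) are assumptions; compare them with
# an export of your own index pattern from Settings > Objects before importing.
GOOGLE = "https://www.google.com/search?q={{value}}"
FIELD_FORMAT_MAP = {
    "src_ip": {"id": "url", "params": {"urlTemplate": GOOGLE,
                                       "labelTemplate": "{{value}} # Google IT"}},
    "dst_ip": {"id": "url", "params": {"urlTemplate": GOOGLE,
                                       "labelTemplate": "{{value}} # Google IT"}},
}

def render_url(url_template, raw_value):
    """In the URL template {{value}} is the URL-encoded field value and
    {{rawValue}} the untouched one, so a log-controlled value (a hostname or
    user name containing '&' or spaces) cannot alter the query string."""
    text = str(raw_value)
    return (url_template.replace("{{value}}", quote(text, safe=""))
                        .replace("{{rawValue}}", text))

def render_label(label_template, raw_value, url):
    """In the label template {{value}} is shown unencoded and {{url}} is the
    rendered link target."""
    return label_template.replace("{{value}}", str(raw_value)).replace("{{url}}", url)

def render_field(field, raw_value, fmap=FIELD_FORMAT_MAP):
    """Return (label, url) as Kibana would display one document value;
    fields without a URL format come back unchanged with url=None."""
    fmt = fmap.get(field)
    if fmt is None or fmt.get("id") != "url":
        return str(raw_value), None
    params = fmt["params"]
    url = render_url(params["urlTemplate"], raw_value)
    return render_label(params.get("labelTemplate", "{{value}}"), raw_value, url), url

def index_pattern_doc(title, fmap=FIELD_FORMAT_MAP):
    """Body of the .kibana index-pattern document carrying the formats;
    fieldFormatMap is a JSON string, not a nested object."""
    return {"title": title, "timeFieldName": "@timestamp",
            "fieldFormatMap": json.dumps(fmap, sort_keys=True)}

if __name__ == "__main__":
    print(render_field("src_ip", "192.0.2.10"))  # ('192.0.2.10 # Google IT', 'https://www.google.com/search?q=192.0.2.10')
    print(render_field("dst_ip", "a b&c=d"))     # link becomes ...q=a%20b%26c%3Dd
    print(json.dumps(index_pattern_doc("logstash-*"), indent=2))
```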

Dashboard download

You can get the Kibana 4 dashboards here.