Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS][SIEM]: Change Kibana advanced settings to match UI #50679

Merged
merged 14 commits into from
Nov 14, 2019
Merged

[DOCS][SIEM]: Change Kibana advanced settings to match UI #50679

Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
982eeea
[DOCS] Fix beta tag in Code Docs
narcher7 Aug 14, 2019
47c0968
Merge branch 'master' of github.com:elastic/kibana
narcher7 Aug 15, 2019
fd23941
Merge branch 'master' of github.com:elastic/kibana
narcher7 Aug 15, 2019
4345b0f
Merge branch 'master' of github.com:elastic/kibana
narcher7 Aug 16, 2019
2e0e40f
Merge branch 'master' of github.com:elastic/kibana
narcher7 Aug 22, 2019
77c0cae
Merge branch 'master' of github.com:elastic/kibana
narcher7 Aug 27, 2019
1bc5341
Merge branch 'master' of github.com:elastic/kibana
narcher7 Sep 4, 2019
a5dc156
Merge branch 'master' of github.com:elastic/kibana
narcher7 Sep 11, 2019
71479fc
Merge branch 'master' of github.com:elastic/kibana
narcher7 Sep 13, 2019
6ee058a
Merge branch 'master' of github.com:elastic/kibana
narcher7 Sep 23, 2019
a46dca8
Merge branch 'master' of github.com:elastic/kibana
narcher7 Oct 22, 2019
67dbb66
Merge branch 'master' of github.com:elastic/kibana
narcher7 Oct 29, 2019
4685b72
Change kibana advanced settings to match UI
narcher7 Nov 14, 2019
eed5385
Add random line break for illustration
narcher7 Nov 14, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
122 changes: 61 additions & 61 deletions docs/management/advanced-options.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,12 @@ for displayed decimal values.
. Scroll or search for the setting you want to modify.
. Enter a new value for the setting.


[float]
[[settings-read-only-access]]
=== [xpack]#Read only access#
When you have insufficient privileges to edit advanced settings, the following
indicator in Kibana will be displayed. The buttons to edit settings won't be visible.
When you have insufficient privileges to edit advanced settings, the following
indicator in Kibana will be displayed. The buttons to edit settings won't be visible.
For more information on granting access to Kibana see <<xpack-security-authorization>>.

[role="screenshot"]
Expand All @@ -25,9 +26,9 @@ image::images/settings-read-only-badge.png[Example of Advanced Settings Manageme

WARNING: Modifying a setting can affect {kib}
performance and cause problems that are
difficult to diagnose. Setting a property value to a blank field reverts
difficult to diagnose. Setting a property value to a blank field reverts
to the default behavior, which might not be
compatible with other configuration settings. Deleting a custom setting
compatible with other configuration settings. Deleting a custom setting
removes it from {kib} permanently.


Expand All @@ -44,7 +45,7 @@ removes it from {kib} permanently.
adapt to the interval between measurements. Keys are http://en.wikipedia.org/wiki/ISO_8601#Time_intervals[ISO8601 intervals].
`dateFormat:tz`:: The timezone that Kibana uses. The default value of `Browser` uses the timezone detected by the browser.
`dateNanosFormat`:: The format to use for displaying https://momentjs.com/docs/#/displaying/format/[pretty formatted dates] of {ref}/date_nanos.html[Elasticsearch date_nanos type].
`defaultIndex`:: The index to access if no index is set. The default is `null`.
`defaultIndex`:: The index to access if no index is set. The default is `null`.
`fields:popularLimit`:: The top N most popular fields to show.
`filterEditor:suggestValues`:: Set this property to `false` to prevent the filter editor from suggesting values for fields.
`filters:pinnedByDefault`:: Set this property to `true` to make filters have a global state (be pinned) by default.
Expand All @@ -59,46 +60,46 @@ mentioned use "\_default_".
`histogram:maxBars`:: Date histograms are not generated with more bars than the value of this property, scaling values
when necessary.
`history:limit`:: In fields that have history, such as query inputs, show this many recent values.
`indexPattern:fieldMapping:lookBack`:: For index patterns containing timestamps in their names,
`indexPattern:fieldMapping:lookBack`:: For index patterns containing timestamps in their names,
look for this many recent matching patterns from which to query the field mapping.
`indexPattern:placeholder`:: The default placeholder value to use in Management > Index Patterns > Create Index Pattern.
`metaFields`:: Fields that exist outside of `_source`. Kibana merges these fields
`metaFields`:: Fields that exist outside of `_source`. Kibana merges these fields
into the document when displaying it.
`metrics:max_buckets`:: The maximum numbers of buckets that a single
data source can return. This might arise when the user selects a
data source can return. This might arise when the user selects a
short interval (for example, 1s) for a long time period (1 year).
`query:allowLeadingWildcards`:: Allows a wildcard (*) as the first character
in a query clause. Only applies when experimental query features are
enabled in the query bar. To disallow leading wildcards in Lucene queries,
`query:allowLeadingWildcards`:: Allows a wildcard (*) as the first character
in a query clause. Only applies when experimental query features are
enabled in the query bar. To disallow leading wildcards in Lucene queries,
use `query:queryString:options`.
`query:queryString:options`:: Options for the Lucene query string parser. Only
used when "Query language" is set to Lucene.
`savedObjects:listingLimit`:: The number of objects to fetch for lists of saved objects.
`savedObjects:listingLimit`:: The number of objects to fetch for lists of saved objects.
The default value is 1000. Do not set above 10000.
`savedObjects:perPage`:: The number of objects to show on each page of the
`savedObjects:perPage`:: The number of objects to show on each page of the
list of saved objects. The default is 5.
`search:queryLanguage`:: The query language to use in the query bar.
Choices are <<kuery-query, KQL>>, a language built specifically for {kib}, and the <<lucene-query, Lucene
Choices are <<kuery-query, KQL>>, a language built specifically for {kib}, and the <<lucene-query, Lucene
query syntax>>.
`shortDots:enable`:: Set this property to `true` to shorten long
`shortDots:enable`:: Set this property to `true` to shorten long
field names in visualizations. For example, show `f.b.baz` instead of `foo.bar.baz`.
`sort:options`:: Options for the Elasticsearch {ref}/search-request-body.html#request-body-search-sort[sort] parameter.
`state:storeInSessionStorage`:: [experimental] Kibana tracks UI state in the
URL, which can lead to problems when there is a lot of state information,
and the URL gets very long.
Enabling this setting stores part of the URL in your browser session to keep the
`state:storeInSessionStorage`:: [experimental] Kibana tracks UI state in the
URL, which can lead to problems when there is a lot of state information,
and the URL gets very long.
Enabling this setting stores part of the URL in your browser session to keep the
URL short.
`theme:darkMode`:: Set to `true` to enable a dark mode for the {kib} UI. You must
refresh the page to apply the setting.
`timepicker:quickRanges`:: The list of ranges to show in the Quick section of
the time filter. This should be an array of objects, with each object containing
`from`, `to` (see {ref}/common-options.html#date-math[accepted formats]),
`timepicker:quickRanges`:: The list of ranges to show in the Quick section of
the time filter. This should be an array of objects, with each object containing
`from`, `to` (see {ref}/common-options.html#date-math[accepted formats]),
and `display` (the title to be displayed).
`timepicker:refreshIntervalDefaults`:: The default refresh interval for the time filter. Example: `{ "display": "15 seconds", "pause": true, "value": 15000 }`.
`timepicker:timeDefaults`:: The default selection in the time filter.
`truncate:maxHeight`:: The maximum height that a cell occupies in a table. Set to 0 to disable
truncation.
`xPack:defaultAdminEmail`:: Email address for X-Pack admin operations, such as
`xPack:defaultAdminEmail`:: Email address for X-Pack admin operations, such as
cluster alert notifications from Monitoring.


Expand All @@ -107,7 +108,7 @@ cluster alert notifications from Monitoring.
=== Accessibility settings

[horizontal]
`accessibility:disableAnimations`:: Turns off all unnecessary animations in the
`accessibility:disableAnimations`:: Turns off all unnecessary animations in the
{kib} UI. Refresh the page to apply the changes.

[float]
Expand All @@ -124,21 +125,21 @@ cluster alert notifications from Monitoring.
[horizontal]
`context:defaultSize`:: The number of surrounding entries to display in the context view. The default value is 5.
`context:step`:: The number by which to increment or decrement the context size. The default value is 5.
`context:tieBreakerFields`:: A comma-separated list of fields to use
for breaking a tie between documents that have the same timestamp value. The first
`context:tieBreakerFields`:: A comma-separated list of fields to use
for breaking a tie between documents that have the same timestamp value. The first
field that is present and sortable in the current index pattern is used.
`defaultColumns`:: The columns that appear by default on the Discover page.
The default is `_source`.
`discover:aggs:terms:size`:: The number terms that are visualized when clicking
The default is `_source`.
`discover:aggs:terms:size`:: The number terms that are visualized when clicking
the Visualize button in the field drop down. The default is `20`.
`discover:sampleSize`:: The number of rows to show in the Discover table.
`discover:sort:defaultOrder`:: The default sort direction for time-based index patterns.
`discover:searchOnPageLoad`:: Controls whether a search is executed when Discover first loads.
`discover:searchOnPageLoad`:: Controls whether a search is executed when Discover first loads.
This setting does not have an effect when loading a saved search.
`doc_table:hideTimeColumn`:: Hides the "Time" column in Discover and in all saved searches on dashboards.
`doc_table:highlight`:: Highlights results in Discover and saved searches on dashboards.
`doc_table:highlight`:: Highlights results in Discover and saved searches on dashboards.
Highlighting slows requests when
working on big documents.
working on big documents.



Expand All @@ -150,14 +151,14 @@ working on big documents.
[horizontal]
`notifications:banner`:: A custom banner intended for temporary notices to all users.
Supports https://help.github.com/en/articles/basic-writing-and-formatting-syntax[Markdown].
`notifications:lifetime:banner`:: The duration, in milliseconds, for banner
notification displays. The default value is 3000000. Set this field to `Infinity`
`notifications:lifetime:banner`:: The duration, in milliseconds, for banner
notification displays. The default value is 3000000. Set this field to `Infinity`
to disable banner notifications.
`notifications:lifetime:error`:: The duration, in milliseconds, for error
`notifications:lifetime:error`:: The duration, in milliseconds, for error
notification displays. The default value is 300000. Set this field to `Infinity` to disable error notifications.
`notifications:lifetime:info`:: The duration, in milliseconds, for information notification displays.
`notifications:lifetime:info`:: The duration, in milliseconds, for information notification displays.
The default value is 5000. Set this field to `Infinity` to disable information notifications.
`notifications:lifetime:warning`:: The duration, in milliseconds, for warning notification
`notifications:lifetime:warning`:: The duration, in milliseconds, for warning notification
displays. The default value is 10000. Set this field to `Infinity` to disable warning notifications.


Expand All @@ -175,8 +176,8 @@ displays. The default value is 10000. Set this field to `Infinity` to disable wa
=== Rollup settings

[horizontal]
`rollups:enableIndexPatterns`:: Enables the creation of index patterns that
capture rollup indices, which in turn enables visualizations based on rollup data.
`rollups:enableIndexPatterns`:: Enables the creation of index patterns that
capture rollup indices, which in turn enables visualizations based on rollup data.
Refresh the page to apply the changes.


Expand All @@ -188,22 +189,22 @@ Refresh the page to apply the changes.
`courier:batchSearches`:: When disabled, dashboard panels will load individually, and search requests will terminate when
users navigate away or update the query. When enabled, dashboard panels will load together when all of the data is loaded,
and searches will not terminate.
`courier:customRequestPreference`:: {ref}/search-request-body.html#request-body-search-preference[Request preference]
`courier:customRequestPreference`:: {ref}/search-request-body.html#request-body-search-preference[Request preference]
to use when `courier:setRequestPreference` is set to "custom".
`courier:ignoreFilterIfFieldNotInIndex`:: Skips filters that apply to fields that don't exist in the index for a visualization.
`courier:ignoreFilterIfFieldNotInIndex`:: Skips filters that apply to fields that don't exist in the index for a visualization.
Useful when dashboards consist of visualizations from multiple index patterns.
`courier:maxConcurrentShardRequests`:: Controls the {ref}/search-multi-search.html[max_concurrent_shard_requests]
setting used for `_msearch` requests sent by {kib}. Set to 0 to disable this
`courier:maxConcurrentShardRequests`:: Controls the {ref}/search-multi-search.html[max_concurrent_shard_requests]
setting used for `_msearch` requests sent by {kib}. Set to 0 to disable this
config and use the {es} default.
`courier:setRequestPreference`:: Enables you to set which shards handle your search requests.
* *Session ID:* Restricts operations to execute all search requests on the same shards.
* *Session ID:* Restricts operations to execute all search requests on the same shards.
This has the benefit of reusing shard caches across requests.
* *Custom:* Allows you to define your own preference. Use `courier:customRequestPreference`
* *Custom:* Allows you to define your own preference. Use `courier:customRequestPreference`
to customize your preference value.
* *None:* Do not set a preference. This might provide better performance
because requests can be spread across all shard copies. However, results might
* *None:* Do not set a preference. This might provide better performance
because requests can be spread across all shard copies. However, results might
be inconsistent because different shards might be in different refresh states.
`search:includeFrozen`:: Includes {ref}/frozen-indices.html[frozen indices] in results.
`search:includeFrozen`:: Includes {ref}/frozen-indices.html[frozen indices] in results.
Searching through frozen indices
might increase the search time. This setting is off by default. Users must opt-in to include frozen indices.

Expand All @@ -212,8 +213,8 @@ might increase the search time. This setting is off by default. Users must opt-i
=== SIEM settings

[horizontal]
`siem:defaultAnomalyScore`:: The threshold above which anomalies are displayed in the SIEM app.
`siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
`siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
`siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
`siem:refreshIntervalDefaults`:: The default refresh interval for the SIEM time filter, in milliseconds.
`siem:timeDefaults`:: The default period of time in the SIEM time filter.

Expand All @@ -226,16 +227,16 @@ might increase the search time. This setting is off by default. Users must opt-i
`timelion:default_rows`:: The default number of rows to use on a Timelion sheet.
`timelion:es.default_index`:: The default index when using the `.es()` query.
`timelion:es.timefield`:: The default field containing a timestamp when using the `.es()` query.
`timelion:graphite.url`:: [experimental] Used with graphite queries, this is the URL of your graphite host
in the form https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite. This URL can be
`timelion:graphite.url`:: [experimental] Used with graphite queries, this is the URL of your graphite host
in the form https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite. This URL can be
selected from a whitelist configured in the `kibana.yml` under `timelion.graphiteUrls`.
`timelion:max_buckets`:: The maximum number of buckets a single data source can return.
This value is used for calculating automatic intervals in visualizations.
`timelion:min_interval`:: The smallest interval to calculate when using "auto".
`timelion:quandl.key`:: [experimental] Used with quandl queries, this is your API key from https://www.quandl.com/[www.quandl.com].
`timelion:showTutorial`:: Shows the Timelion tutorial
`timelion:showTutorial`:: Shows the Timelion tutorial
to users when they first open the Timelion app.
`timelion:target_buckets`:: Used for calculating automatic intervals in visualizations,
`timelion:target_buckets`:: Used for calculating automatic intervals in visualizations,
this is the number of buckets to try to represent.


Expand All @@ -246,25 +247,24 @@ this is the number of buckets to try to represent.

[horizontal]
`visualization:colorMapping`:: Maps values to specified colors in visualizations.
`visualization:dimmingOpacity`:: The opacity of the chart items that are dimmed
when highlighting another element of the chart. The lower this number, the more
`visualization:dimmingOpacity`:: The opacity of the chart items that are dimmed
when highlighting another element of the chart. The lower this number, the more
the highlighted element stands out. This must be a number between 0 and 1.
`visualization:loadingDelay`:: The time to wait before dimming visualizations
`visualization:loadingDelay`:: The time to wait before dimming visualizations
during a query.
`visualization:regionmap:showWarnings`:: Shows
`visualization:regionmap:showWarnings`:: Shows
a warning in a region map when terms cannot be joined to a shape.
`visualization:tileMap:WMSdefaults`:: The default properties for the WMS map server support in the coordinate map.
`visualization:tileMap:maxPrecision`:: The maximum geoHash precision displayed on tile maps: 7 is high, 10 is very high,
and 12 is the maximum. See this
and 12 is the maximum. See this
{ref}/search-aggregations-bucket-geohashgrid-aggregation.html#_cell_dimensions_at_the_equator[explanation of cell dimensions].
`visualize:enableLabs`:: Enables users to create, view, and edit experimental visualizations.
`visualize:enableLabs`:: Enables users to create, view, and edit experimental visualizations.
If disabled, only visualizations that are considered production-ready are available to the user.


[float]
[[kibana-telemetry-settings]]
=== Usage data settings

Helps improve the Elastic Stack by providing usage statistics for
Helps improve the Elastic Stack by providing usage statistics for
basic features. This data will not be shared outside of Elastic.