Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM][Docs]Clarifies SIEM index and Kibana index pattern requirements #739

Merged
merged 3 commits into from
Dec 11, 2019
Merged

[SIEM][Docs]Clarifies SIEM index and Kibana index pattern requirements #739

merged 3 commits into from
Dec 11, 2019

Conversation

benskelker
Copy link
Contributor

@benskelker benskelker commented Dec 8, 2019
edited
Loading

Adds additional clarifications on index requirements in general and, specifically, for maps configuration.

Map configuration page preview

Requested in #52312.

@benskelker benskelker requested review from spong and karenzone December 8, 2019 13:23
@benskelker benskelker changed the title [SIEM][Docs]Clarifies SIEM indices and Kibana index patterns requirements [SIEM][Docs]Clarifies SIEM indices and Kibana index pattern requirements Dec 8, 2019
@benskelker benskelker changed the title [SIEM][Docs]Clarifies SIEM indices and Kibana index pattern requirements [SIEM][Docs]Clarifies SIEM index and Kibana index pattern requirements Dec 8, 2019
@benskelker benskelker mentioned this pull request Dec 8, 2019
Merged
2 tasks
spong
spong reviewed Dec 9, 2019
View reviewed changes
docs/en/siem/siem-ui.asciidoc
Comment on lines +19 to +22
NOTE: The default index glob patterns defined for {siem-soln} events are
`endgame-*`, `auditbeat-*`, `winlogbeat-*`, `filebeat-*`, and `packetbeat-*`.
You can change the default glob patterns in {kib} -> Management -> Advanced
Settings -> `siem:defaultIndex`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a heads up that this will be changing to include apm-*-transcation* as part of elastic/kibana#52297 (comment). As noted in that comment, there is going to be specific logic for matching apm-*-transcation* to the apm-* Kibana Index Pattern.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @spong

We can update the documentation anytime - so we'll add this when it's implemented.

@spong spong mentioned this pull request Dec 9, 2019
Closed
spong
spong reviewed Dec 9, 2019
View reviewed changes
docs/en/siem/siem-ui.asciidoc Outdated
==== Create {kib} index patterns

To display data on the map, you must define {kib} index patterns
(Management -> Index Patterns) that match all the {siem-soln} {es} indices you
Copy link
Member

@spong spong Dec 9, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only note here is whether 'match' could be understood to mean pattern matching vs exact string match. Not sure if clarification is needed, but I think this may be the last area of confusion (🤞) until we support pattern matching when determining which layers to generate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, thanks. Updating the text.

spong
spong approved these changes Dec 9, 2019
View reviewed changes
Copy link
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a couple clarifying comments, but no changes necessary.

LGTM! 👍 Thanks @benskelker!

@benskelker
Copy link
Contributor Author

@spong
Can you review the changes. Thanks

@spong
Copy link
Member

spong commented Dec 10, 2019

@spong
Can you review the changes. Thanks

Updates look great! Very clear that you have to have exact matching SIEM/Kibana index patterns to see data on the map now. Thanks @benskelker!

karenzone
karenzone reviewed Dec 10, 2019
View reviewed changes
docs/en/siem/installation.asciidoc Outdated
must add its index to the {siem-soln} {es} indices (*{kib}* ->
*Management* -> *Advanced Settings* -> *`siem:defaultIndex`*).

It is also important to note that {siem-soln} uses the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider trimming this up:

It is also important to note that {siem-soln} uses the

karenzone
karenzone approved these changes Dec 10, 2019
View reviewed changes
Copy link
Contributor

@karenzone karenzone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Nicely done.
One small comment for your consideration.

@benskelker benskelker merged commit c0c2902 into elastic:master Dec 11, 2019
@benskelker benskelker deleted the improve_map_conf_page branch December 11, 2019 07:42
This was referenced Dec 11, 2019
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karenzone karenzone karenzone approved these changes

@spong spong spong approved these changes

Assignees
No one assigned
Labels
Team:SIEM v7.5.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@benskelker @spong @karenzone