Creating a Dashboard Pull Request
Please follow the naming convention of existing assets when creating your new ones for the first time. This will alleviate headaches down the road when a Pull Request is up.
When assets get loaded into Elasticsearch, their Elasticsearch ID is autogenerated based on the filename, not the dashboard `title` field. When you construct your dashboard, the Dashboard.json file is hardcoded with the names of the assets you built. If your visualization was originally named "TestVisualization.json", your dashboard Elasticsearch record is hardcoded to look for "TestVisualization.json". When you put up a pull request and change the filename in the Kibana repo to be "Top-Applications-By-Bandwidth.json", your dashboard is still looking for "TestVisualization.json". You can fix this in one of two ways:
- Rebuild your dashboard using the Netmon UI after the visualizations and searches have been updated with the appropriate filename
- Manually change the Dashboard.json file to reflect the updated names, and then re-import the assets to make sure it worked.
After creating your dashboard and any relevant visualizations and searches, you must first export all of them individually. Do not do a bulk export from Kibana, because we need each visualization, search, and dashboard to be contained in its own file in GitHub.
If your new dashboard uses visualizations and/or searches that you have created, or existing visualizations and/or searches that you have modified, you must export all of them. Kibana automatically links elements in the Elasticsearch record for each dashboard, so if you try to load a dashboard that uses a visualization/search that we don't explicitly insert, your dashboard will show an ugly error message that it cannot find the element it is linked to.
Don't forget to export everything individually!
Kibana will export your visualizations like this:
```json
[
  {
    "_id": "Capture-Table",
    "_type": "search",
    "_source": {
      "title": "Capture Table",
      "description": "",
      "hits": 0,
      "columns": [
        "SrcIP",
        "DestIP",
        "Application",
        "Duration",
        "FlowCompleted",
        "Session",
        "Captured"
      ],
      "sort": [
        "TimeUpdated",
        "desc"
      ],
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"network_*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
      }
    }
  }
]
```
This is just a dump of the response to the GET request that Kibana sends to Elasticsearch. We need this formatted a little differently in order to insert it properly into Elasticsearch on startup. Essentially, all we need is the "value" of the `_source` `"key": "value"` pair. Everything up to, and including, `"_source":` must be removed. Accordingly, you must also remove the trailing `]` and the last `}` at the end of the file. Reformat the remaining lines so that the file now looks like this:
```json
{
  "title": "Capture Table",
  "description": "",
  "hits": 0,
  "columns": [
    "SrcIP",
    "DestIP",
    "Application",
    "Duration",
    "FlowCompleted",
    "Session",
    "Captured"
  ],
  "sort": [
    "TimeUpdated",
    "desc"
  ],
  "version": 1,
  "kibanaSavedObjectMeta": {
    "searchSourceJSON": "{\"index\":\"network_*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
  }
}
```
This must be done for every dashboard, visualization, and search that you are adding or changing.
Once all your JSON files are trimmed appropriately, place them in the correct folder under `kibana/resources/`, either `dashboards`, `visualizations`, or `searches`. These folders are parsed on Kibana startup, and everything in them is loaded. In order for your changes to take effect, you will need to delete your Kibana index before building the Kibana rpm and running `sudo start netmon`.
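The trimming and filing steps above can be scripted instead of edited by hand. The following Python is an added example, not code from the Netmon repository: the function names are hypothetical, and it assumes each file should be named after the export's `_id` so that the filename-derived Elasticsearch ID stays the same. It goes slightly beyond the manual steps by splitting an accidental bulk export into one file per object and by checking that the nested `searchSourceJSON` string still parses.

```python
import json
from pathlib import Path
# Folder under kibana/resources/ for each saved-object type (folder names from the page).
FOLDERS = {"dashboard": "dashboards", "visualization": "visualizations", "search": "searches"}

# Constructed sample export, shortened from the Capture-Table example above.
SAMPLE_EXPORT = json.dumps([{
    "_id": "Capture-Table", "_type": "search",
    "_source": {
        "title": "Capture Table", "columns": ["SrcIP", "DestIP"], "version": 1,
        "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"index\":\"network_*\",\"filter\":[]}"},
    },
}])

def trim_export(export_text):
    """Return [(relative_path, trimmed_json_text), ...], one entry per exported object."""
    records = json.loads(export_text)
    if not isinstance(records, list):
        raise ValueError("expected the JSON array that Kibana exports")
    out = []
    for rec in records:
        folder = FOLDERS.get(rec.get("_type"))
        if folder is None:
            raise ValueError("unknown _type: %r" % rec.get("_type"))
        name = rec["_id"]
        # The _id becomes a filename, so refuse anything that could leave the folder.
        if not name or "/" in name or "\\" in name:
            raise ValueError("unsafe _id for a filename: %r" % name)
        source = rec["_source"]  # keep only the value of "_source"
        # The query is JSON stored inside a string; make sure it still parses.
        meta = source.get("kibanaSavedObjectMeta", {})
        if "searchSourceJSON" in meta:
            json.loads(meta["searchSourceJSON"])
        # Assumption: the file is named after _id (the ID is derived from the filename).
        path = Path("kibana/resources") / folder / (name + ".json")
        out.append((path.as_posix(), json.dumps(source, indent=2) + "\n"))
    return out

def write_trimmed(export_text, repo_root="."):
    """Write each trimmed object to its own file under repo_root; return the paths."""
    paths = []
    for rel, text in trim_export(export_text):
        target = Path(repo_root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
        paths.append(target)
    return paths

if __name__ == "__main__":
    print(trim_export(SAMPLE_EXPORT)[0][1])
```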