DynamiteNSM ships with a simple package manager for installing and uninstalling groups Kibana objects.
Packages typically contain searches, visualizations and dashboards combined to facilitate one or more investigatory workflows.
By default, DynamiteNSM will install the BaseViews package, which provides a unique blend of host centric and event/alert centric views.
ⓘ To use the
kibana packagecommand you must installdynamite-nsm.
| Package Name | Description | Author | Downloads |
|---|---|---|---|
| BaseViews | Dashboards are organized around three primary data-models: alerts, conversations, and hosts. This package takes advantage of the shared identifiers embedded in generated models to facilitate deep-dives and pivots. | Dynamite Analytics | 0.3 0.4 |
We've developed a few internal guidelines that must be followed for those wishing to submit their own package to the Dynamite package repository. They are available here.
Before you can create a new Kibana package you will need to setup a working monitor and agent instance. Once the agent starts sending events Kibana's discovery view will quickly fill up, and you can begin creating new visualisations and dashboards.
The dynamite-investigator package provides some out-of-the-box saved searches, useful for filtering and
differentiating between event types. These searches can serve as a basis for creating your own visualizations and dashboards.
Kibana provides a fairly exhaustive set of visualizations for representing both simple and complex relationships in your data.
You can create a new visualization by double-clicking the Vizualize tab in the left-hand sidebar. From there simply select the Create visualization button
to enter into the New Vizualization interface.
Dashboards serve as space to present a variety of visualizations that typically share some common theme. Kibana dashboards provide the ability to enforce certain global constraints against all visualizations within that dashboard.
For example, the time-range filter and any term filters or KQL searches can be applied consistently accross all visualizations within
a dashboard.
To create a new Dashboard double-click the Dashboard tab in left-hand sidebar. You may then add any vizualization or saved_search you have created.
To export saved objects simply navigate to Stack Management in the left-hand sidebar. From there select Saved Objects link.
Within this UI you can export all the objects or just those of a certain type.
We suggest that objects are exported for each type and without including related objects. By doing so other developers can easily build upon the parts of your package most useful to them.
Every kibana package consists of one or more saved_object.ndjson files and a manifest.json file.
The .ndjson files are the output of a Kibana export operation as outlined above. A manifest.json simply contains
some additional metadata as well as a list of files to be installed via Kibana's saved_object's API.
{
"name": "Baselines",
"author": "John Doe",
"author_email": "jdoe@example.com",
"description": "Includes several base-lining techniques useful for identifying anomalies on small networks",
"package_type": "saved_objects",
"file_list": ["config.ndjson", "index_patterns.ndjson", "searches.ndjson", "visualizations.ndjson", "dashboards.ndjson"]
}Important!: The order of appearance in the file_list is important, dependencies should precede their dependants.
In the example above
searches.ndjsonrelies on or references the data fromindex_patterns.ndjsonto be available at installation time, otherwise errors and unexpected behavior may arise.
tar -cvf baselines.tar.gz baselines/*