Update getting started docs plus template/index loading reference

elastic · Jul 31, 2017 · 8342870 · 8342870
1 parent 794c56c
commit 8342870
Show file tree

Hide file tree

Showing 40 changed files with 635 additions and 273 deletions.
diff --git a/auditbeat/docs/configuring-howto.asciidoc b/auditbeat/docs/configuring-howto.asciidoc
@@ -26,6 +26,7 @@ The following topics describe how to configure {beatname_uc}:
 * <<filtering-and-enhancing-data>>
 * <<configuring-ingest-node>>
 * <<configuration-path>>
+* <<setup-kibana-endpoint>>
 * <<configuration-dashboards>>
 * <<configuration-template>>
 * <<configuration-logging>>
@@ -52,6 +53,8 @@ include::../../libbeat/docs/shared-config-ingest.asciidoc[]
 
 include::../../libbeat/docs/shared-path-config.asciidoc[]
 
+include::../../libbeat/docs/shared-kibana-config.asciidoc[]
+
 include::../../libbeat/docs/setup-config.asciidoc[]
 
 include::../../libbeat/docs/loggingconfig.asciidoc[]

diff --git a/auditbeat/docs/getting-started.asciidoc b/auditbeat/docs/getting-started.asciidoc
@@ -1,8 +1,6 @@
 [id="{beatname_lc}-getting-started"]
 == Getting started with {beatname_uc}
 
-//TODO: The getting started content needs to be changed to reflect changes in command-line syntax, dashboard loading, etc.
-
 To get started with your own {beatname_uc} setup, install and configure these
 related products:
 
@@ -19,8 +17,9 @@ install, configure, and run {beatname_uc}:
 * <<{beatname_lc}-installation>>
 * <<{beatname_lc}-configuration>>
 * <<{beatname_lc}-template>>
+* <<load-kibana-dashboards>>
 * <<{beatname_lc}-starting>>
-* <<{beatname_lc}-sample-dashboards>>
+* <<view-kibana-dashboards>>
 * <<command-line-options>>
 * <<directory-layout>>
 
@@ -167,48 +166,38 @@ If you accept the default configuration without specifying additional modules,
 +
 See <<configuring-howto-{beatname_lc}>> for more details about configuring modules.
 
-. If you are sending output to Elasticsearch, set the IP address and port where
-{beatname_uc} can find the Elasticsearch installation:
+. If you are sending output to Elasticsearch (and not using Logstash), set the
+IP address and port where {beatname_uc} can find the Elasticsearch installation:
 +
 [source,yaml]
 ----------------------------------------------------------------------
 output.elasticsearch:
   hosts: ["127.0.0.1:9200"]
 ----------------------------------------------------------------------
 +
-If you are sending output to Logstash, see
+If you are sending output to Logstash, make sure you
 <<logstash-output,Configure the Logstash output>> instead.
 
-. If you plan to use the sample Kibana dashboards provided with {beatname_uc},
-configure the Kibana endpoint:
-+
-[source,yaml]
-----------------------------------------------------------------------
-setup.kibana:
-  host: "localhost:5601"
-----------------------------------------------------------------------
-+
---
-Where `host` is the hostname and port of the machine where Kibana is running,
-for example, `localhost:5601`.
-
-TIP: If you specify a path after the port number, you need to include
-the scheme and port: `http://localhost:5601/path`.
+include::../../libbeat/docs/step-configure-kibana-endpoint.asciidoc[]
 
---
+include::../../libbeat/docs/step-test-config.asciidoc[]
 
-//TODO: Add link that mentions security settings and points to docs about setup.kibana for more info.
-
-//REVIEWERS: Wondering if I should protocol, username, and password in the example. We tend to leave that out, but not sure if that's the best thing to do.
+include::../../libbeat/docs/step-look-at-config.asciidoc[]
 
 [id="{beatname_lc}-template"]
 === Step 3: Load the index template in Elasticsearch
 
 :allplatforms:
 include::../../libbeat/docs/shared-template-load.asciidoc[]
 
+[[load-kibana-dashboards]]
+=== Step 4: Set up the Kibana dashboards
+
+:allplatforms:
+include::../../libbeat/docs/dashboards.asciidoc[]
+
 [id="{beatname_lc}-starting"]
-=== Step 4: Start {beatname_uc}
+=== Step 5: Start {beatname_uc}
 
 Run {beatname_uc} by issuing the appropriate command for your platform.
 
@@ -270,15 +259,18 @@ Elasticsearch instance.
 On Windows, if you don't have cURL installed, simply point your browser to the
 URL.
 
-[id="{beatname_lc}-sample-dashboards"]
-=== Step 5: Load sample Kibana dashboards
+[[view-kibana-dashboards]]
+=== Step 6: View the sample Kibana dashboards
 
 To make it easier for you to start auditing the activities of users and
-processes on your system, we have created sample {beatname_uc} dashboards.
+processes on your system, we have created example {beatname_uc} dashboards.
+You loaded the dashboards earlier when you ran the `setup` command.
+
+include::../../libbeat/docs/opendashboards.asciidoc[]
+
 The dashboards are provided as examples. We recommend that you
 {kibana-ref}/dashboard.html[customize] them to meet your needs.
 
 image:./images/auditbeat-file-integrity-dashboard.png[Auditbeat File Integrity Dashboard]
 
-:allplatforms:
-include::../../libbeat/docs/dashboards.asciidoc[]
+
diff --git a/filebeat/docs/configuring-howto.asciidoc b/filebeat/docs/configuring-howto.asciidoc
@@ -27,6 +27,7 @@ The following topics describe how to configure Filebeat:
 * <<filtering-and-enhancing-data>>
 * <<configuring-ingest-node>>
 * <<configuration-path>>
+* <<setup-kibana-endpoint>>
 * <<configuration-dashboards>>
 * <<configuration-template>>
 * <<configuration-logging>>
@@ -58,6 +59,8 @@ include::../../libbeat/docs/shared-config-ingest.asciidoc[]
 
 include::../../libbeat/docs/shared-path-config.asciidoc[]
 
+include::../../libbeat/docs/shared-kibana-config.asciidoc[]
+
 include::../../libbeat/docs/setup-config.asciidoc[]
 
 include::../../libbeat/docs/loggingconfig.asciidoc[]

diff --git a/filebeat/docs/getting-started.asciidoc b/filebeat/docs/getting-started.asciidoc
@@ -15,8 +15,9 @@ After installing the Elastic Stack, read the following topics to learn how to in
 * <<filebeat-configuration>>
 * <<config-filebeat-logstash>>
 * <<filebeat-template>>
+* <<load-kibana-dashboards>>
 * <<filebeat-starting>>
-* <<filebeat-index-pattern>>
+* <<view-kibana-dashboards>>
 * <<filebeat-modules-quickstart>>
 * <<command-line-options>>
 * <<directory-layout>>
@@ -153,10 +154,13 @@ include::../../libbeat/docs/shared-configuring.asciidoc[]
 Here is a sample of the `filebeat` section of the `filebeat.yml` file. Filebeat uses predefined
 default values for most configuration options.
 
+//REVIEWERS: I'm adding the enabled settings to the examples because they show up in the default config
+
 [source,yaml]
 -------------------------------------------------------------------------------------
 filebeat.prospectors:
 - type: log
+  enabled: true
   paths:
     - /var/log/*.log
     #- c:\programdata\elasticsearch\logs\*
@@ -172,6 +176,7 @@ For the most basic Filebeat configuration, you can define a single prospector wi
 -------------------------------------------------------------------------------------
 filebeat.prospectors:
 - type: log
+  enabled: true
   paths:
     - /var/log/*.log
 -------------------------------------------------------------------------------------
@@ -185,26 +190,23 @@ To fetch all files from a predefined level of subdirectories, the following patt
 fetch log files from the `/var/log` folder itself. Currently it is not possible to recursively
 fetch all files in all subdirectories of a directory.
 
-. If you are sending output to Elasticsearch, set the IP address and port where Filebeat can find the Elasticsearch installation:
+. If you are sending output directly to Elasticsearch (and not using Logstash),
+set the IP address and port where Filebeat can find the Elasticsearch installation:
 +
 [source,yaml]
 ----------------------------------------------------------------------
 output.elasticsearch:
   hosts: ["192.168.1.42:9200"]
 ----------------------------------------------------------------------
 +
-If you are sending output to Logstash, see <<config-filebeat-logstash>> instead.
+If you are sending output to Logstash, make sure you
+configure the Logstash output in <<config-filebeat-logstash>>.
+
+include::../../libbeat/docs/step-configure-kibana-endpoint.asciidoc[]
 
-TIP: To test your configuration file, change to the directory where the Filebeat
-binary is installed, and run Filebeat in the foreground with the following
-options specified: +./filebeat -configtest -e+. Make sure your config files are
-in the path expected by Filebeat (see <<directory-layout>>). If you
-installed from DEB or RPM packages, run +./filebeat.sh -configtest -e+.
+include::../../libbeat/docs/step-test-config.asciidoc[]
 
-Before starting Filebeat, you should look at the configuration options in the
-configuration file, for example `C:\Program Files\Filebeat\filebeat.yml` or
-`/etc/filebeat/filebeat.yml`. For more information about these options,
-see <<configuring-howto-filebeat>>.
+include::../../libbeat/docs/step-look-at-config.asciidoc[]
 
 [[config-filebeat-logstash]]
 === Step 3: Configure Filebeat to use Logstash
@@ -218,15 +220,23 @@ include::../../libbeat/docs/shared-logstash-config.asciidoc[]
 :allplatforms:
 include::../../libbeat/docs/shared-template-load.asciidoc[]
 
+[[load-kibana-dashboards]]
+=== Step 5: Set up the Kibana dashboards
+
+:allplatforms:
+include::../../libbeat/docs/dashboards.asciidoc[]
+
 [[filebeat-starting]]
-=== Step 5: Start Filebeat
+=== Step 6: Start Filebeat
 
 Start Filebeat by issuing the appropriate command for your platform.
 
 NOTE: If you use an init.d script to start Filebeat on deb or rpm, you can't
 specify command line flags (see <<command-line-options>>). To specify flags,
 start Filebeat in the foreground.
 
+//REVIEWERS: With the new command syntax, should the deb and rpm instructions here say run instead of start?
+
 *deb:*
 
 [source,shell]
@@ -253,7 +263,7 @@ docker run {dockerimage}
 [source,shell]
 ----------------------------------------------------------------------
 sudo chown root filebeat.yml <1>
-sudo ./filebeat -e -c filebeat.yml -d "publish"
+sudo ./filebeat run -e -c filebeat.yml -d "publish"
 ----------------------------------------------------------------------
 <1> You'll be running Filebeat as root, so you need to change ownership
 of the configuration file (see
@@ -267,28 +277,33 @@ in the _Beats Platform Reference_).
 PS C:\Program Files\Filebeat> Start-Service filebeat
 ----------------------------------------------------------------------
 
+
 By default, Windows log files are stored in `C:\ProgramData\filebeat\Logs`.
 
 Filebeat is now ready to send log files to your defined output.
 
-[[filebeat-index-pattern]]
-=== Step 6: Load the Kibana index pattern
+[[view-kibana-dashboards]]
+=== Step 7: View the sample Kibana dashboards
 
-We don't offer prebuilt dashboards for visualizing Filebeat data. However, to make it easier for you to explore Filebeat
-data in Kibana, we've created a Filebeat index pattern: `filebeat-*`. To load this pattern, you can use the script
-that's provided for importing dashboards:
+To make it easier for you to explore Filebeat data in Kibana, we've created
+example {beatname_uc} dashboards. You loaded the dashboards earlier when you
+ran the `setup` command.
 
-[source,shell]
-----------------------------------------------------------------------
-./scripts/import_dashboards -only-index
-----------------------------------------------------------------------
+include::../../libbeat/docs/opendashboards.asciidoc[]
 
-For more information about running the script, see
-{beatsdevguide}/import-dashboards.html[Importing Existing Beat Dashboards] in the _Beats Platform Reference_.
+These dashboards are designed to work out-of-the box when you use
+<<filebeat-modules-overview,Filebeat modules>>. However, you can also use them
+as examples and {kibana-ref}/dashboard.html[customize] them to meet your needs
+even if you aren't using Filebeat modules.
 
-After you've created the index pattern, you can select the `filebeat-*` index pattern in Kibana to explore
-Filebeat data.
+To populate the example dashboards with data, you need to either
+<<configuring-ingest-node,define ingest node pipelines>> or use Logstash to
+parse the data into the fields expected by the dashboards. If you are using
+Logstash, see the
+{logstashdoc}/logstash-config-for-filebeat-modules.html[configuration examples]
+in the Logstash documentation for help parsing the log formats supported
+by the dashboards.
 
-image:./images/filebeat-discover-tab.png[]
+Here is an example of the Filebeat system dashboard:
 
-TIP: If you don't see `filebeat-*` in the list of available index patterns, try refreshing the page in your browser.
+image:./images/kibana-system.png[]
diff --git a/filebeat/docs/images/kibana-created-indexes.png b/filebeat/docs/images/kibana-created-indexes.png
diff --git a/filebeat/docs/images/kibana-navigation-vis.png b/filebeat/docs/images/kibana-navigation-vis.png
diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc
@@ -3,6 +3,7 @@
 include::../../libbeat/docs/version.asciidoc[]
 
 :libbeat: http://www.elastic.co/guide/en/beats/libbeat/{doc-branch}
+:kibana-ref: https://www.elastic.co/guide/en/kibana/{doc-branch}
 :beatsdevguide: http://www.elastic.co/guide/en/beats/devguide/{doc-branch}
 :packetbeat: http://www.elastic.co/guide/en/beats/packetbeat/{doc-branch}
 :metricbeat: http://www.elastic.co/guide/en/beats/metricbeat/{doc-branch}

diff --git a/heartbeat/docs/configuring-howto.asciidoc b/heartbeat/docs/configuring-howto.asciidoc
@@ -27,6 +27,7 @@ The following topics describe how to configure Heartbeat:
 * <<filtering-and-enhancing-data>>
 * <<configuring-ingest-node>>
 * <<configuration-path>>
+* <<setup-kibana-endpoint>>
 * <<configuration-dashboards>>
 * <<configuration-template>>
 * <<configuration-logging>>
@@ -49,6 +50,8 @@ include::../../libbeat/docs/shared-config-ingest.asciidoc[]
 
 include::../../libbeat/docs/shared-path-config.asciidoc[]
 
+include::../../libbeat/docs/shared-kibana-config.asciidoc[]
+
 include::../../libbeat/docs/setup-config.asciidoc[]
 
 include::../../libbeat/docs/loggingconfig.asciidoc[]