Open marcinhlybin opened 3 months ago
Load the dashboards as recommended in the documentation:
auditbeat setup -e \ -E output.logstash.enabled=false \ -E output.elasticsearch.hosts=['http://log-server:9200'] \ -E output.elasticsearch.username=${ES_USERNAME} \ -E output.elasticsearch.password=${ES_PASSWORD} \ -E setup.kibana.host=http://log-server:5601
Sample broken dashboard: Process OS Distribution [Auditbeat System] ECS Starts working after editing and changing fields:
host.id
host.id.keyword
host.os.name
host.os.name.keyword
host.os.version
host.os.version.keyword
By the way, path to auditbeat kibana dashboard in the package still include number 7: /usr/share/auditbeat/kibana/7/{dashboard,search,visualization}
/usr/share/auditbeat/kibana/7/{dashboard,search,visualization}
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
Load the dashboards as recommended in the documentation:
Sample broken dashboard: Process OS Distribution [Auditbeat System] ECS Starts working after editing and changing fields:
host.id
->host.id.keyword
host.os.name
->host.os.name.keyword
host.os.version
->host.os.version.keyword
By the way, path to auditbeat kibana dashboard in the package still include number 7:
/usr/share/auditbeat/kibana/7/{dashboard,search,visualization}