ltb-project / openldap-elk

ELK configuration to parse OpenLDAP logs
GNU General Public License v2.0

Dashboard is not working on Kibana 4.5.1 #1

Open thebhushanp opened 7 years ago

thebhushanp commented 7 years ago

I tried to import the dashboard on Kibana 4.5.1 and got the following error on the console:

Error: arr.map is not a function
__WEBPACK_AMD_DEFINE_RESULT__</</Promise.map@http://10.1.1.218:5601/bundles/commons.bundle.js?v=9892:61082:27
controller/$scope.importAll@http://10.1.1.218:5601/bundles/kibana.bundle.js?v=9892:97786:19
anonymous/fn@http://10.1.1.218:5601/bundles/commons.bundle.js?v=9892 line 40937 > Function:2:306
link/</reader.onload/<@http://10.1.1.218:5601/bundles/kibana.bundle.js?v=9892:98118:16
$RootScopeProvider/this.$get</Scope.prototype.$eval@http://10.1.1.218:5601/bundles/commons.bundle.js?v=9892:43604:17
$RootScopeProvider/this.$get</Scope.prototype.$apply@http://10.1.1.218:5601/bundles/commons.bundle.js?v=9892:43704:21
link/</reader.onload@http://10.1.1.218:5601/bundles/kibana.bundle.js?v=9892:98117:14

http://10.1.1.218:5601/bundles/commons.bundle.js?v=9892 Line 40092

coudot commented 7 years ago

Yes, it is clearly said that this dashboard is for Kibana 3.

Work is needed to create Kibana 4 dashboards.

thebhushanp commented 7 years ago

Sorry to bother you again, but do you have any plans to make it work with Kibana 4?

coudot commented 7 years ago

Not yet, but any help is welcomed.

thebhushanp commented 7 years ago

I would love to do it. I am just learning OpenLDAP and the ELK stack. I am trying to make a dashboard for Kibana 4. What I want to know is whether the value of the conn attribute in the log is always going to be unique or not. Because my algorithm is like

coudot commented 7 years ago

The value of conn is not unique, as you can have a lot of operations per connection. With ELK, you can filter all log lines that match a connection, then filter on the operation number, then on other information if you need.

Note that op is not unique, as for each connection, the operation counter is reset.

thebhushanp commented 7 years ago

Hi Clément, I have used your logstash conf file. I am stuck at one point. I want to display 'Top 10 credential failed user IDs (uid)'. Now the problem is that the result of the bind operation is not present in that log line, and in the result log statement, where I get error_code = 49, I don't get the uid. I have explained the issue in brief at the following link: http://stackoverflow.com/questions/40547248/elasticsearch-nested-query-in-in-operator

Any idea on how to overcome this issue? Any help is appreciated.
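
The correlation discussed in this thread, as an added example that is not part of the original issue or of the project's Logstash configuration: each BIND line is remembered under its (conn, op) pair and joined to the matching RESULT line, so that err=49 results can be counted per uid. It runs outside ELK; the function name `failed_bind_uids`, the sample log lines and the assumption that bind results are logged as `RESULT tag=97` in the usual slapd stats layout are mine.

```python
import re
from collections import Counter

# Constructed sample lines in the usual slapd stats log layout (not real data).
SAMPLE_LOG = """\
Nov 10 10:15:01 ldap1 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Nov 10 10:15:01 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Nov 10 10:15:01 ldap1 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Nov 10 10:15:02 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Nov 10 10:15:02 ldap1 slapd[1234]: conn=1001 op=1 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Nov 10 10:15:02 ldap1 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=
Nov 10 10:15:02 ldap1 slapd[1234]: conn=1001 op=1 RESULT tag=97 err=49 text=
Nov 10 10:15:03 ldap1 slapd[1234]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 10 10:15:04 ldap1 slapd[1234]: conn=1003 op=0 BIND dn="uid=carol,ou=people,dc=example,dc=com" method=128
Nov 10 10:15:04 ldap1 slapd[1234]: conn=1003 op=0 RESULT tag=97 err=49 text=
"""

# The bind request carries the DN; the bind response (tag=97) carries the error code.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
UID_RE = re.compile(r'uid=([^,]+)', re.IGNORECASE)


def failed_bind_uids(lines, top=10):
    """Return [(uid, count)] for binds that ended with err=49, most frequent first."""
    pending = {}  # (conn, op) -> bind DN still waiting for its RESULT line
    failures = Counter()
    for line in lines:
        m = BIND_RE.search(line)
        if m:
            # op restarts at 0 on every connection, so conn alone or op alone
            # is ambiguous; the pair identifies one operation.
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None and m.group(3) == "49":
                uid = UID_RE.match(dn)
                # Fall back to the full DN when the first RDN is not a uid.
                failures[uid.group(1) if uid else dn] += 1
    return failures.most_common(top)


if __name__ == "__main__":
    print(failed_bind_uids(SAMPLE_LOG.splitlines()))
```

Entries are removed from `pending` as soon as their RESULT arrives, so memory stays bounded by the number of binds in flight.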