I'm using your tutorial guide to set up our ELK stack to visualize our PA logs. Everything is going fine until I get to step 7 for importing the visualization files into Kibana. When I go to import the saved object files I'm getting index pattern conflicts. It seems to be different for each import. I'm brand new to ELK, so I'm not sure what is causing this.
I am running PAN OS 8.0.14 and read through the release notes and admin guide and the syslog format doesn't appear to have changed. The version of Elasticsearch, Logstash and Kibana I am running is 6.5.4. The only major difference I can think of is I am using CentOS 7 instead of Ubuntu.
When I try to import searches-base.json I receive this message after I import it:
When importing visualisations-base.json I get:
The dashboards-base.json file imports just fine for me. I've tried to select the new index patterns as either panos-traffic, threat, config or system, but when I try to view the dashboard it either times out or shows very little info.
I've made sure each log type is being sent to the ELK server, as I can see a lot of logs being stored in the respective panos-traffic, threat, config and system indices.
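One way to find out what the import dialog is complaining about before touching Kibana, as an added example that is not part of the original post or the tutorial it refers to: Kibana 6.x saved-object exports are a JSON list of objects whose `_source.kibanaSavedObjectMeta.searchSourceJSON` (itself a JSON string) names the index pattern by id, and a visualization may instead point at a saved search through `savedSearchId`. The script below resolves each object to the index-pattern id it ultimately depends on and reports the ones that do not exist on the target Kibana. The sample objects, the index-pattern ids in them (`panos-traffic`, `logstash-*` and so on) and the set of existing patterns are all constructed for the example.

```python
"""Resolve which index patterns Kibana 6.x saved-object export files depend on,
and list the objects whose pattern does not exist on the target Kibana.
Added example; the documents and ids below are constructed, not the tutorial's."""
import json

# Constructed sample in the Kibana 6.x export shape (list of {_id, _type, _source}).
SEARCHES_JSON = json.dumps([
    {"_id": "panos-traffic-search", "_type": "search",
     "_source": {"title": "PANOS traffic", "kibanaSavedObjectMeta": {
         "searchSourceJSON": json.dumps({"index": "panos-traffic",
                                         "query": {"query": "", "language": "lucene"}})}}},
    {"_id": "panos-threat-search", "_type": "search",
     "_source": {"title": "PANOS threat", "kibanaSavedObjectMeta": {
         "searchSourceJSON": json.dumps({"index": "panos-threat"})}}},
])

VISUALISATIONS_JSON = json.dumps([
    # references an index pattern directly
    {"_id": "traffic-by-app", "_type": "visualization",
     "_source": {"title": "Traffic by application", "kibanaSavedObjectMeta": {
         "searchSourceJSON": json.dumps({"index": "panos-traffic"})}}},
    # references a saved search instead of an index pattern
    {"_id": "threat-top-sources", "_type": "visualization",
     "_source": {"title": "Top threat sources", "savedSearchId": "panos-threat-search",
                 "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}}},
    # constructed case: points at an index pattern id that the target Kibana lacks
    {"_id": "old-logstash-vis", "_type": "visualization",
     "_source": {"title": "Legacy events", "kibanaSavedObjectMeta": {
         "searchSourceJSON": json.dumps({"index": "logstash-*"})}}},
])

# Index patterns present on the target Kibana (constructed). On a real instance
# list them with GET /api/saved_objects/_find?type=index-pattern
EXISTING_PATTERNS = {"panos-traffic", "panos-threat", "panos-config", "panos-system"}


def direct_index(obj):
    """Index-pattern id named in the object's own searchSourceJSON, or None."""
    meta = obj["_source"].get("kibanaSavedObjectMeta", {})
    src = meta.get("searchSourceJSON")
    if not src:
        return None
    return json.loads(src).get("index")


def referenced_index_patterns(objects, searches_by_id):
    """Map saved-object id -> index-pattern id it ultimately depends on.
    A visualization without its own index but with savedSearchId inherits
    the pattern of that saved search; unresolvable references map to None."""
    refs = {}
    for obj in objects:
        idx = direct_index(obj)
        search_id = obj["_source"].get("savedSearchId")
        if idx is None and search_id is not None:
            search = searches_by_id.get(search_id)
            idx = direct_index(search) if search else None
        refs[obj["_id"]] = idx
    return refs


def find_conflicts(refs, existing):
    """Objects whose resolved index pattern is not present on the target Kibana."""
    return {oid: idx for oid, idx in refs.items()
            if idx is not None and idx not in existing}


def check_exports(searches_text, visualisations_text, existing):
    searches = json.loads(searches_text)
    visualisations = json.loads(visualisations_text)
    searches_by_id = {s["_id"]: s for s in searches}
    search_refs = referenced_index_patterns(searches, searches_by_id)
    vis_refs = referenced_index_patterns(visualisations, searches_by_id)
    return {
        "search_refs": search_refs,
        "vis_refs": vis_refs,
        "search_conflicts": find_conflicts(search_refs, existing),
        "vis_conflicts": find_conflicts(vis_refs, existing),
    }


if __name__ == "__main__":
    result = check_exports(SEARCHES_JSON, VISUALISATIONS_JSON, EXISTING_PATTERNS)
    for kind in ("search_conflicts", "vis_conflicts"):
        for oid, idx in result[kind].items():
            print(f"{kind}: {oid} needs index pattern {idx!r}, which does not exist")
```

Each id the script prints is one the import dialog will ask you to remap; if the list is empty but the dashboards still show nothing, the problem is on the data side (the index pattern's title not matching the indices Logstash writes, or the time field) rather than in the saved objects.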