Audit logging Kibana dashboard
Learn how to add custom dashboards in Kibana so you can analyze your audit logs.
You can add or delete visualization charts in the dashboards. You can modify data representation or layout. The following dashboard examples are provided:
- a dashboard that is focused on platform services audit logs
- a dashboard that is focused on Kubernetes audit logs
Importing dashboards into Kibana
The following process is applicable to both dashboards. You can import one or both of the dashboards, one by one. Before adding the dashboard, make sure that the IBM Cloud Private cluster has generated audit logs and that the audit logs are forwarded to ELK.
For more information about enabling audit logging, see Configuring IBM Cloud Private services to generate audit logs.
For more information about forwarding audit logs to ELK, see Configuring IBM Cloud Private to forward audit logs.
Complete the following steps to import a dashboard into Kibana:
- Copy the following dashboard content and save it in a <file-name>.json file.
- Open the Kibana web console (from the navigation menu, click Platform > Logging).
- In Kibana, navigate to Management > Saved Objects.
- Click Import in the top right corner.
- Find the saved <file-name>.json file and import it.
- You can find the imported dashboard in the Kibana navigation menu under Dashboard.
Platform service audit logging dashboard and visualizations
[
{
"_id": "2d1bc1a0-f886-11e8-94e8-63db1f1e8f5c",
"_type": "dashboard",
"_source": {
"title": "audit-logging-dashboard",
"hits": 0,
"description": "",
"panelsJSON": "[{\"size_x\":6,\"size_y\":5,\"panelIndex\":1,\"type\":\"visualization\",\"id\":\"a3841760-f882-11e8-94e8-63db1f1e8f5c\",\"col\":1,\"row\":1},{\"size_x\":6,\"size_y\":5,\"panelIndex\":2,\"type\":\"visualization\",\"id\":\"79f77cf0-1e45-11e9-bc71-473f395cd7d0\",\"col\":7,\"row\":1},{\"size_x\":6,\"size_y\":5,\"panelIndex\":3,\"type\":\"visualization\",\"id\":\"ff209890-1e3f-11e9-9b3c-fbc41e168e2a\",\"col\":1,\"row\":6},{\"size_x\":6,\"size_y\":5,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"5e771c90-1e42-11e9-9b3c-fbc41e168e2a\",\"col\":7,\"row\":6}]",
"optionsJSON": "{\"darkTheme\":false}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}],\"highlightAll\":true,\"version\":true}"
}
}
},
{
"_id": "a3841760-f882-11e8-94e8-63db1f1e8f5c",
"_type": "visualization",
"_source": {
"title": "audit-logging-team-operations-group-by-actions",
"visState": "{\"title\":\"audit-logging-team-operations-group-by-actions\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"exclude\":\"revoke\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}],\"listeners\":{}}",
"uiStateJSON": "{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "79f77cf0-1e45-11e9-bc71-473f395cd7d0",
"_type": "visualization",
"_source": {
"title": "audit-logging-group-by-container-name",
"visState": "{\"title\":\"audit-logging-group-by-container-name\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.container_name.keyword\",\"exclude\":\"platform-identity-provider\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"container-name\"}}],\"listeners\":{}}",
"uiStateJSON": "{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "ff209890-1e3f-11e9-9b3c-fbc41e168e2a",
"_type": "visualization",
"_source": {
"title": "audit-logging-team operation-group-by-initiator-name",
"visState": "{\"title\":\"audit-logging-team operation-group-by-initiator-name\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"initiator.name.keyword\",\"exclude\":\"\\\"\\\"\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Initiator Name\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "5e771c90-1e42-11e9-9b3c-fbc41e168e2a",
"_type": "visualization",
"_source": {
"title": "audit-logging-group-by-syslog-identifier",
"visState": "{\"title\":\"audit-logging-group-by-syslog-identifier\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog_identifier.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Syslog Identifier\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
}
]
Kubernetes audit logging dashboard and visualizations
[
{
"_id": "f9f11070-3b6d-11e9-b42d-ab168fec400a",
"_type": "dashboard",
"_source": {
"title": "k8s-audit-logging-dashboard",
"hits": 0,
"description": "",
"panelsJSON": "[{\"size_x\":6,\"size_y\":5,\"panelIndex\":1,\"type\":\"visualization\",\"id\":\"ade39170-3ad8-11e9-a4b7-37e35b0b26d6\",\"col\":1,\"row\":7},{\"size_x\":6,\"size_y\":3,\"panelIndex\":2,\"type\":\"visualization\",\"id\":\"d4762410-3ad8-11e9-a4b7-37e35b0b26d6\",\"col\":7,\"row\":4},{\"size_x\":6,\"size_y\":3,\"panelIndex\":3,\"type\":\"visualization\",\"id\":\"52bdd3f0-3ad8-11e9-a4b7-37e35b0b26d6\",\"col\":1,\"row\":12},{\"size_x\":6,\"size_y\":3,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"788b08d0-3ada-11e9-a4b7-37e35b0b26d6\",\"col\":7,\"row\":7},{\"size_x\":6,\"size_y\":3,\"panelIndex\":5,\"type\":\"visualization\",\"id\":\"04fb0f20-3ad8-11e9-a4b7-37e35b0b26d6\",\"col\":1,\"row\":1},{\"size_x\":6,\"size_y\":12,\"panelIndex\":6,\"type\":\"visualization\",\"id\":\"20dfe890-3ad9-11e9-a4b7-37e35b0b26d6\",\"col\":7,\"row\":10},{\"size_x\":6,\"size_y\":3,\"panelIndex\":7,\"type\":\"visualization\",\"id\":\"9ec2d8a0-3ad7-11e9-a4b7-37e35b0b26d6\",\"col\":1,\"row\":4},{\"size_x\":6,\"size_y\":7,\"panelIndex\":8,\"type\":\"visualization\",\"id\":\"d4d5b3c0-3ad9-11e9-a4b7-37e35b0b26d6\",\"col\":7,\"row\":22},{\"size_x\":6,\"size_y\":6,\"panelIndex\":9,\"type\":\"visualization\",\"id\":\"7e8b3c50-3ad5-11e9-a4b7-37e35b0b26d6\",\"col\":1,\"row\":15},{\"size_x\":6,\"size_y\":8,\"panelIndex\":10,\"type\":\"visualization\",\"id\":\"bdd21e60-3ad5-11e9-a4b7-37e35b0b26d6\",\"col\":1,\"row\":21},{\"size_x\":6,\"size_y\":3,\"panelIndex\":11,\"type\":\"visualization\",\"id\":\"c91e1360-3ad4-11e9-a4b7-37e35b0b26d6\",\"col\":7,\"row\":1}]",
"optionsJSON": "{\"darkTheme\":false}",
"uiStateJSON": "{\"P-10\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}},\"P-8\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}},\"P-1\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}},\"P-6\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}},\"P-9\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}],\"highlightAll\":true,\"version\":true}"
}
}
},
{
"_id": "ade39170-3ad8-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-api-group",
"visState": "{\"title\":\"k8s-audit-group-by-api-group\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"objectRef.apiGroup.keyword\",\"size\":115,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"api-group\"}}],\"listeners\":{}}",
"uiStateJSON": "{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "d4762410-3ad8-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-api-version",
"visState": "{\"title\":\"k8s-audit-group-by-api-version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"objectRef.apiVersion.keyword\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "52bdd3f0-3ad8-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-log-level",
"visState": "{\"title\":\"k8s-audit-group-by-log-level\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"level.keyword\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"log-level\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "788b08d0-3ada-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-log-stage",
"visState": "{\"title\":\"k8s-audit-group-by-log-stage\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"stage.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"stage\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "04fb0f20-3ad8-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-namespace",
"visState": "{\"title\":\"k8s-audit-group-by-namespace\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kubernetes.namespace.keyword\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "20dfe890-3ad9-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-resources",
"visState": "{\"title\":\"k8s-audit-group-by-resources\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"objectRef.resource.keyword\",\"size\":115,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"resources\"}}],\"listeners\":{}}",
"uiStateJSON": "{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "9ec2d8a0-3ad7-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-response-status-code",
"visState": "{\"title\":\"k8s-audit-group-by-response-status-code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"responseStatus.code\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "d4d5b3c0-3ad9-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-source-ip",
"visState": "{\"title\":\"k8s-audit-group-by-source-ip\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sourceIPs.keyword\",\"size\":115,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"uiStateJSON": "{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "7e8b3c50-3ad5-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-user",
"visState": "{\"title\":\"k8s-audit-group-by-user\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"user.username.keyword\",\"size\":125,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"uiStateJSON": "{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "bdd21e60-3ad5-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "k8s-audit-group-by-user-agent",
"visState": "{\"title\":\"k8s-audit-group-by-user-agent\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"userAgent.keyword\",\"size\":115,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"uiStateJSON": "{\"spy\":{\"mode\":{\"name\":\"table\",\"fill\":false}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
},
{
"_id": "c91e1360-3ad4-11e9-a4b7-37e35b0b26d6",
"_type": "visualization",
"_source": {
"title": "kube-audit-group-by-verb",
"visState": "{\"title\":\"kube-audit-group-by-verb\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"verb.keyword\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
}
}
}
]
Using your Kibana dashboard
The following Kibana features are useful for grouping similar types of logs, getting an overview of the statistics for each type of log, and applying filters to find the logs you want. Navigate to Dashboard > <imported-dashboard>.
- You can view various pie charts representing different grouped audit logs. Each field in the chart is represented with a unique color.
- Hover the mouse over a chart to view count and field names.
- Click any field to view what filter is applied.
- Hover the mouse over a filter to view available options. For example:
  - pin option. You can 'pin' the filter to use it in Discover. If you pin the filter and navigate to Discover, you will see that the filter is applied. This helps to find raw logs for specific filters.
  - option to include or exclude filters
  - option to remove the filter
- You can apply multiple filters.
For more information about visualization and dashboard use cases, see https://www.elastic.co/guide/en/kibana/current/visualize.html.
Troubleshooting
Dashboard import error
- Verify that your IBM Cloud Private cluster is generating audit logs and forwarding them to ELK.
- Verify that the audit-* index pattern has been created:
  - Open the Kibana web console.
  - Navigate to Management > Index Patterns.
  - Click Create Index Pattern.
  - Set the Index name or pattern as audit-*. Keep the Time Filter field name as @timestamp.
- Refresh the audit-* index field list:
  - Open the Kibana web console.
  - Navigate to Management > Index Patterns.
  - Click the audit-* index pattern.
  - Click Refresh field list.
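The troubleshooting checks above depend on the audit-* index pattern and its field list matching what the dashboard file expects. The following added example (not IBM or Elastic code) parses an export in the format shown on this page and reports the index patterns, the aggregated fields, and any panel that points to a visualization missing from the file. The function name inspect_export and the sample objects are constructed for illustration.

```python
import json

# Constructed, trimmed sample in the same export format as the dashboards on
# this page (one dashboard, two panels, one visualization deliberately missing).
SAMPLE_EXPORT = json.dumps([
    {"_id": "dash-1", "_type": "dashboard", "_source": {
        "title": "sample-dashboard",
        "panelsJSON": json.dumps([
            {"panelIndex": 1, "type": "visualization", "id": "vis-1"},
            {"panelIndex": 2, "type": "visualization", "id": "vis-missing"}])}},
    {"_id": "vis-1", "_type": "visualization", "_source": {
        "title": "sample-group-by-verb",
        "visState": json.dumps({"type": "pie", "aggs": [
            {"id": "1", "type": "count", "schema": "metric", "params": {}},
            {"id": "2", "type": "terms", "schema": "segment",
             "params": {"field": "verb.keyword", "size": 15}}]}),
        "kibanaSavedObjectMeta": {"searchSourceJSON": json.dumps(
            {"index": "audit-*", "query": {"query_string": {"query": "*"}}})}}},
])


def inspect_export(text):
    """Return index patterns, aggregated fields and dangling panel ids."""
    objects = json.loads(text)
    vis_ids = {o["_id"] for o in objects if o["_type"] == "visualization"}
    report = {"index_patterns": set(), "fields": {}, "missing_panels": {}}
    for obj in objects:
        src = obj["_source"]
        if obj["_type"] == "dashboard":
            # panelsJSON is a JSON document stored as a string, so decode twice.
            panels = json.loads(src.get("panelsJSON", "[]"))
            missing = [p["id"] for p in panels
                       if p.get("type") == "visualization" and p["id"] not in vis_ids]
            if missing:
                report["missing_panels"][src["title"]] = missing
        elif obj["_type"] == "visualization":
            meta = src.get("kibanaSavedObjectMeta", {})
            search = json.loads(meta.get("searchSourceJSON", "{}"))
            if "index" in search:
                report["index_patterns"].add(search["index"])
            state = json.loads(src.get("visState", "{}"))
            fields = [a["params"]["field"] for a in state.get("aggs", [])
                      if "field" in a.get("params", {})]
            report["fields"][src["title"]] = fields
    return report


if __name__ == "__main__":
    import sys
    # Pass the saved <file-name>.json as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    result = inspect_export(text)
    print("index patterns:", sorted(result["index_patterns"]))
    for title, fields in sorted(result["fields"].items()):
        print(f"  {title}: {fields}")
    for title, ids in result["missing_panels"].items():
        print(f"dashboard {title!r} references missing visualizations: {ids}")
```

Run it with the saved <file-name>.json as the argument and compare the listed fields with the audit-* field list under Management > Index Patterns.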