...
- Current ELK versions: elasticsearch 2.4, kibana 4.6 (no logstash is being used)
- Upgrading to version 5.6 is desired, in order to create dashboards with enhanced features and look. (Note: the Logging project is using 5.5.)
- Upgrading from 2.x to 5.x requires a "Full Cluster-restart Upgrade".
Feature Enhancements
- Any change to the validation/violation data being pushed to elasticsearch?
- Does violationDetails (which tells what is really different) need to be parsed (using logstash), or sent/stored by search-service (see the sample event below)? Kibana cannot use such nested info in the visualizations.
- Any other useful meta-data? e.g., who invoked the validation (user, dept)
(Note) Below are sample validation and violation events currently stored in ES.
2. Dashboard Ideas
...
# | Dashboard Type | Description (What You Want to See) | Required Information To Show (Visualizations)
---|---|---|---
1 | Overall Audit Monitor | As a general admin, I want to see the whole platform integrity - health status in terms of all validation rules configured |
2 | Individual Audit Analysis | Given a validation job, the user wants to see and quickly recognize all relevant violations found by POMBA |
3 | | |
4 | Violation Analysis | What kinds of violations mostly occur in which components |
5 | Violation Analysis for Network Discovery | |
...