...
- Current ELK versions: elasticsearch 2.4, kibana 4.6 (no logstash is being used)
- To better create the dashboards with enhanced features and look, upgrading to version 5.6 is desired. (note: Logging project is using 5.5)
- Upgrade from 2.x to 5.x needs "Full Cluster-restart Upgrade".
Feature Enhancements
- Any Any change of the validation/violation data being pushed to elasticsearch?
- violationDetails (which tells what is really different) need to be parsed (using logstash) or sent/stored by search-service (see the sample event below)? Kibana cannot use the such nested info in the visualizations.
- Any other meta-data useful? e.g., who invoked the validation (user, dept) invoked the validation
(Note) Below are the current sample validation and violation events currently stored in ES.
2. Dashboard Ideas
...
| Dashboard Type | Description (What To Want to See) | Required Information To Show (Visualizations) | |
|---|---|---|---|
| 1 | Overall Audit Monitor | As a general admin, I want to see the whole platform integrity - health status in terms of all validation rules configured |
|
| 2 | Individual Audit Analysis | Given a validation job, the user wants to see and quickly recognize all related relevant violations found by POMBA |
|
| 3 | |||
| 4 | Violation Analysis | what kind of violations mostly occur in which components |
|
| 5 | Violation Analysis for Network Discovery |
...