Dashboards load

Diaz

We have updated ELS to the latest version. Currently, we are trying to upload the 'windows-ad' dashboard located at /.install/integration/windows-ad/dashboard/ using the following curl command, as per the instructions:
curl -s -k -X POST -u logserver:<password> "https://127.0.0.1:5601/api/kibana/dashboards/import?force=true" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d@"${dashboard}"
We also attempted to use a separate command for each JSON file with the following command:
curl -s -k -X POST -u logserver:logserver "https://192.168.1.199:5601/api/kibana/dashboards/import?force=true" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d@ad-computer_accounts.json
However, each time we encountered failure and received the following response:
{"statusCode":404,"error":"Not Found","message":"Not Found"}


[upl-image-preview url=https://community.energylogserver.com/assets/files/2023-10-12/1697089059-106700-image.png]

SzymonC

Hi,

Yeah, normally 404 Not Found suggest that import command cannot find the file you are pointing. But in this case let's try one more command, which is more accurate to the new framework of UI. Try something like this:
curl -s -k -XPOST -u logserver:<password> "https://<your_ui_ip>:5601/api/opensearch-dashboards/dashboards/import?force=true" -H 'osd-xsrf: true' -H 'Content-Type: application/json' -d @ad-accounts.json
Note that command above assumes that you are in directory you've mention.

Let me know if this helps!

Diaz

SzymonC "It's because we are using dashboards and the Logstash configuration file from the /install/integration/syslog-mail directory, and the dashboard is not displaying information now. It seems like there might not be enough information in general or not enough information split into lines. We are taking maillog from the Postfix mail server. Perhaps, for this parser, it's necessary to consider other server event logs as well. Do you have any experience with using Postfix logs, and what best practices can you recommend?"

Note: When working with Postfix logs, it's important to ensure that your Logstash configuration is correctly parsing the log format and that you are collecting all relevant log files to capture the necessary information for your use case. Best practices may vary depending on your specific requirements and objectives..

SzymonC

Hi,

This is simple case of parser adjusting. Although simple, that doesn't mean it will be quick. I mean what clearly has to be done is verification of syslog-mail logstash parsers vs actual data from the source. Visualizations might not show data, because parser is not extracting field program.

You can go to the edit mode and see details of each dashboard panel (which are in fact individual searches and visualizations) to learn details:

1.

2.

Let me know if this helped a little. Here helpful knowledge will be about parsers structures (Input, Filter, Output), plugins and regular expressions. 🙂
I often like to use website https://regex101.com to verify my regexes. Highly recommend.