Run Book

Configuring a New Data Source Index in the Metron Dashboard

Now that you have an index for the new data source with all of the right data types, you need to tell the Metron dashboard about this index.

  1. Launch the Metron dashboard if you have not already done so:

    1. From Ambari, click Kibana in the list of quick tasks.

      Figure 2.16. Ambari Task List


    2. Select Metron UI from the Quick Links menu in the top center of the window.

  2. Click the Settings tab on the Metron dashboard.

  3. Make sure you have the Indices tab selected, then click +Add New.

    Kibana displays the Configure an index pattern window. Use the index pattern window to identify your telemetry source.

    Figure 2.17. Configure an Index Pattern


  4. In the Index name or pattern field, enter the index pattern for your telemetry data source.

    In most cases the name of the index pattern will match the sensor name. For example, the 'bro' sensor has an index pattern of 'bro-*'.

  5. If your data telemetry source does not contain time-based events, clear the Index contains time-based events check box.

    If your data telemetry source does contain time-based events, leave the check box as is. Most of your data telemetry sources will contain time-based events.

  6. Click Create to add the index pattern for your new data telemetry source.

    If you would like this new index pattern to be the default, click the Green Star icon.