Installing and Configuring Elasticsearch & Kibana
This document explains how to install and configure Elasticsearch/Kibana for uberAgent (in this simple tutorial, we assume that you only have a single node with Elasticsearch and Kibana).
Installation
Follow Elastic’s installation guide to install Elasticsearch.
Configuration for uberAgent
Elasticsearch 6.x
Run the following PowerShell command on the Elasticsearch server to create an index template for uberAgent with the required field definitions:
Invoke-RestMethod -Uri http://localhost:9200/_template/uberagent -Method Put -InFile .\elasticsearch-uberagent.json -ContentType "Application/json"
On Linux use:
curl -XPUT -H 'Content-Type: application/json' http://localhost:9200/_template/uberagent [email protected]The file elasticsearch-uberagent.json is part of the uberAgent download package.
If you enabled X-Pack security, you need to pass the elastic user (configured during the setup) for the commands above. On Windows use the -Credential parameter, for Linux -u.
Elasticsearch 7.7 And Lower
Run the following PowerShell command on the Elasticsearch server to create an index template for uberAgent with the required field definitions:
Invoke-RestMethod -Uri http://localhost:9200/_template/uberagent?include_type_name=true -Method Put -InFile .\elasticsearch-uberagent.json -ContentType "Application/json"
On Linux use:
curl -XPUT -H 'Content-Type: application/json' http://localhost:9200/_template/uberagent?include_type_name=true [email protected]The file elasticsearch-uberagent.json is part of the uberAgent download package.
If you enabled X-Pack security, you need to pass the elastic user (configured during the setup) for the commands above. On Windows use the -Credential parameter, for Linux -u.
Elasticsearch 7.8 And Higher (Including 8.x)
Run the following PowerShell command on the Elasticsearch server to create an index template for uberAgent with the required field definitions:
Invoke-RestMethod -Uri http://localhost:9200/_index_template/uberagent -Method Put -InFile .\elasticsearch-uberagent.json -ContentType "Application/json"
On Linux use:
curl -XPUT -H 'Content-Type: application/json' http://localhost:9200/_index_template/uberagent [email protected]The file elasticsearch-uberagent.json is part of the uberAgent download package.
If you enabled X-Pack security, you need to pass the elastic user (configured during the setup) for the commands above. X-Pack security is enabled by default since Elasticsearch 8. On Windows use the -Credential parameter, for Linux -u.
If you want to use an Elasticsearch data stream instead of a classic index, add "data_stream": {}, to the file elasticsearch-uberagent.json. Example:
{
"priority": 100,
"index_patterns": [
"uberagent*"
],
"data_stream": {},
"template": {
"mappings": {
"dynamic": "strict",
"properties":
{
"@timestamp" : {"type" : "date"}
}
}
}
}Kibana
Follow Elastic’s installation guide to install Kibana
Dashboards
uberAgent only comes with Splunk dashboards. Nevertheless, there is a way to visualize uberAgent data in Elasticsearch using XOAP’s Kibana dashboard package.
XOAP’s GitHub repository has 60+ dashboards that visualize a large part of the data set collected by uberAgent.
Install uberAgent
Read on about how to install uberAgent.
To configure uberAgent to send data to Elasticsearch, a configuration section similar to the following is required:
[Receiver]
Name = Default
Type = Elasticsearch
Protocol = HTTP
Servers = http://servername:9200
# The setting RESTToken is required if X-Pack security is enabled. It is enabled by default since Elasticsearch version 8.
RESTToken = username:password