First I’m thrilled that finally we have a forum for Graylog, yah! Ok, back on point: I’m using the netflow plug-in and I’m a bit challenged with creating more in-depth visualizations. The plug-in works; I can easily duplicate the sample dashboard but that’s as far as I can get. The dashboard’s means of visualization are standard Graylog tools such as quick values and charts. None are clickable once shown on the dashboard, which does look beautiful, but it’s the end game so to speak.
Has anyone played with ELK and integration with the Kibana project for netflows or any other visualization front-end which can easily pull the data from Graylog? I just love to use it for storing and searching of my netflow data as it acts as a wonderful netflow collector; I just need some help with the front-end visualization of my netflows.
Kibana and Grafana are both great visualization tools that sit on top of Elasticsearch and are able to use any type of data saved in it. So you could simply put a Kibana or Grafana instance next to your Graylog or Elasticsearch instance, connect it, select your Graylog indices as data sources and start building more complex dashboards. It can use any data that Graylog parsed from your inputs.
The only thing you should really make sure of is that the fields contain only one variable type. Graylog is fine with dynamic mapping to some extent, while these tools are definitely not (especially since you probably want a lot of numerical displays).
If you need help setting up Kibana or Grafana I’ll be happy to help. I’m busy at work until Wednesday, but I’ll try to write a little setup tutorial.
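One way to check the one-type-per-field advice above before pointing Kibana or Grafana at your Graylog indices, as an added example that is not code from any of the posts here: it parses the JSON that an Elasticsearch 2.x `GET /graylog_*/_mapping` call returns and reports any field that was mapped with different types in different indices. The index names, field names and types in `SAMPLE_MAPPING` are constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample of what GET /graylog_*/_mapping returns from an
# Elasticsearch 2.x node backing Graylog (index and field names are made up).
SAMPLE_MAPPING = json.dumps({
    "graylog_0": {"mappings": {"message": {"properties": {
        "nf_bytes": {"type": "long"},
        "nf_src_address": {"type": "string"},
        "nf_proto": {"type": "long"},
    }}}},
    "graylog_1": {"mappings": {"message": {"properties": {
        "nf_bytes": {"type": "string"},  # dynamically mapped as text in a later index
        "nf_src_address": {"type": "string"},
        "nf_proto": {"type": "long"},
        "nf_packets": {"type": "long"},
    }}}},
})


def field_types(mapping_json):
    """Map each top-level field name to the set of (index, type) pairs it was mapped with.

    Nested object properties are not descended into; Graylog message fields are flat.
    """
    seen = defaultdict(set)
    for index, body in json.loads(mapping_json).items():
        for doc_type in body.get("mappings", {}).values():
            for field, props in doc_type.get("properties", {}).items():
                seen[field].add((index, props.get("type", "object")))
    return seen


def find_type_conflicts(mapping_json):
    """Return {field: {type: [indices]}} for fields whose type differs across indices.

    Such fields break Kibana/Grafana aggregations: a field that is 'long' in one
    index and 'string' in another cannot be summed or averaged across both.
    """
    conflicts = {}
    for field, pairs in field_types(mapping_json).items():
        if len({t for _, t in pairs}) > 1:
            by_type = defaultdict(list)
            for index, t in sorted(pairs):
                by_type[t].append(index)
            conflicts[field] = dict(by_type)
    return conflicts


if __name__ == "__main__":
    for field, by_type in find_type_conflicts(SAMPLE_MAPPING).items():
        print(field + ": " + ", ".join("%s in %s" % (t, idx) for t, idx in by_type.items()))
```

Against a live cluster, replace `SAMPLE_MAPPING` with the response body of the `_mapping` request for your Graylog index set; any field the script lists needs a fixed type (for example via a custom index mapping) before it will aggregate cleanly in Kibana or Grafana.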
My issue is that the latest Kibana which comes as an apt-get package doesn’t appear to be compatible with Elasticsearch which comes with Graylog. Is there a way to pull Elasticsearch from Kibana given that I have a working Graylog node with all the dependencies that it requires and sadly an older 2.x version of Elasticsearch?
The latest Kibana version compatible with Elasticsearch 2.4.x is Kibana 4.6.3. You can manually download and install it here or use their repository as described here.
You can check the compatibility of elastic products on their support matrix.