Kibana Data Discovery

Kibana is the visualization part of the Elastic Stack. It provides a web-based user interface for viewing and charting the data stored in Elasticsearch. Using Data Views (formerly known as Index Patterns), we can map Kibana with the data that our Logstash configuration is outputting to Elasticsearch. 

1. Access your Kibana instance. Note: If desired, you must configure Kibana to allow remote access, such as from a secondary Windows machine. Find instructions here. 

2. Navigate to Stack Management → Data Views. Your configuration will appear here as an available index pattern. Click Create data view.

   1. Name the index pattern csp-dns-events. 

   2. In the Timestamp field, select @timestamp. Click Create data view.

Open

3. Click the menu icon in the topbar. Select Discover. 

4. Here you will see all the DNS security records retrieved from the CSP.
   You can perform extensive searching, displaying, and filtering here. Click on some Available fields in the left panel to view field totals for this dataset and organize your hits.

Open

5. Use the top search bar to return hits with specified field values. Try searching for result.tproperty : "spyware”. You can also just type spyware. You can save searches, open searches, apply filters and more. 

Open