wazuh-documentation icon indicating copy to clipboard operation
wazuh-documentation copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Add "Create a custom dashboard" section to current documentation

Open maumrsms opened this issue 2 years ago • 0 comments

Hello team!

I noticed that we have no section for custom dashboard creation in our current documentation for Wazuh Dashboard when we already had it in the past for Opendistro: https://documentation.wazuh.com/4.2/user-manual/kibana-app/reference/custom-dashboard.html

The process remains the same still in Wazuh Dashboard+Wazuh Indexer. We should only update the screenshots.

Creating Visualization

Go to the Visualize tab. image

Click on Create new visualization. image

And select a visualization type among the ones available. As an example, we will be taking the Horizontal Bar chart, but it is essentially the same for other types of visualization. image

Next step will be selecting the index that will be used as a data source. We can work with any index that we created previously, but generally, we will be working with wazuh-alerts-*. image

At this point, a graph will be generated. You can select a lapse of time to display the information related to that period. Click on the following dropdown menu, define it and then update your changes. image

This chart can be configured to match your preferences. You can organize your data using Metrics and Buckets. image

Metrics section has options in order to quantify the data: Count, average, sum, max/min, etc.

Buckets are aggregations of data that are sorted according to your search criteria.

For this example, we will leave the Y-Axis as default (count) and we will modify the Buckets (X-Axis) to sort them according to the level of the rules that have been triggered.

To do so we will have to click on X-Axis: image

Select the Terms option in the Select an aggregation menu: image

Now you will be able to select a Field to sort by (e.g. rule.level): image

And, eventually, you will need to apply the changes to visualize them: image

Now you will be able to see a chart like this: image

Saving a Visualization

Once we have created a customized visualization, as we did in the previous section, we can save it by clicking on Save. image

After that, set a name for it and confirm. image

Creating a Custom Dashboard

In order to create a customized dashboard we can reuse a saved visualization in the Dashboard section: image

Just have to click on Create a new dashboard: image

And then click on Add. image

Now you can select a visualization to add among the ones you have saved. We will choose the bar chart that we created previously and then click on Create new visualization: image

You will be able to see the visualization added to the dashboard: image

You can keep adding visualizations to the dashboard following the same process so that it fits your preferences. image

Once you have finished editing your dashboard you will need to save it by clicking Save. image

Set its name, description and save it: image

Additional comments Performed all steps in Wazuh 4.3.6 - App revision 4307 image

maumrsms avatar Aug 10 '22 20:08 maumrsms