Now that data is coming into Elasticsearch, this section will go through the creation of some basic dashboards.
Open up your Kibana instance and log in. Once logged in, select the menu and navigate to Dashboards. Go ahead and select the "Create Dashboard" button. This is going to be where we add our visualizations.
Once you select "Create Dashboard", select "Create Visualization" to get started. You'll see all the awesome and simplified field options in the left bar and on the right will be where we select which fields we want to visualize.
One helpful feature is the ability to click any field and see what data is available for visualizing.
Let's start by generating some basic metrics. Select the drop-down menu on top of the empty visualization and select "Metric".
If you recall from earlier exercises, we cleaned up our data so "value" is its own field. That means any of the other fields can be used almost as a filter to display your "values".
In this example, we've selected "bgp.name.keyword" which shows us the fields tied to our BGP telemetry stream, along with the "value" associated with each field.
To keep it simple, and because we are using this to visualize streaming telemetry (live data), we are going to select the "Last Value of Data" and then we are going to break the data down by the top 5 values.
Now let's try a field that contains more data. Drag "interface.name.keyword" onto the screen. Your metric boxes will reset. On the right side, move interface.name.keyword from "Primary Metric" to "Break down by". Now let's grab the "value" field from the left column and drag it to "Primary Metric". You'll see your interface data populate.
Now let's clean it up. Select the "value" field under "Primary Metric". Change the function from "median" to "Last Value" to monitor the live data.
Now scroll down to "Appearance" and change the format to "Bytes". Since we are feeling nerdy, let's add a neat compute icon :).
Well will you look at that. Now we can see the bandwidth going in and out of our routers. It's almost like Elastic is made for this!
Go ahead and save, which will add it to your dashboard. Give it a name and let's move on to the next visualization!
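To cross-check the metric panel outside Kibana, this added example (not part of the original walkthrough) builds an Elasticsearch search body that expresses "last value of value, broken down by the top 5 interface.name.keyword" and evaluates the same logic over constructed documents. The `@timestamp` field name, the 15-minute window and the function names are assumptions.

```python
from collections import Counter

def last_value_query(breakdown_field, value_field="value",
                     time_field="@timestamp", top_n=5, window="now-15m"):
    """Search body: top N terms of breakdown_field, newest value in each bucket."""
    return {
        "size": 0,  # only the aggregation result is needed, not the hits
        "query": {"range": {time_field: {"gte": window}}},
        "aggs": {
            "breakdown": {
                "terms": {"field": breakdown_field, "size": top_n},
                "aggs": {
                    "last_value": {
                        # top_metrics returns the metric from the first document
                        # in sort order, here the most recent one
                        "top_metrics": {
                            "metrics": {"field": value_field},
                            "sort": {time_field: "desc"},
                        }
                    }
                },
            }
        },
    }

def last_value_by(docs, breakdown_field, value_field="value",
                  time_field="@timestamp", top_n=5):
    """Reference implementation of the same logic over a list of flat dicts."""
    usable = [d for d in docs if breakdown_field in d and value_field in d]
    counts = Counter(d[breakdown_field] for d in usable)
    result = {}
    for name, _ in counts.most_common(top_n):  # biggest buckets first, like terms
        bucket = [d for d in usable if d[breakdown_field] == name]
        # ISO 8601 timestamps in one format and timezone sort as plain strings
        result[name] = max(bucket, key=lambda d: d[time_field])[value_field]
    return result

# Constructed sample documents, flattened to the field names Kibana displays.
SAMPLE_DOCS = [
    {"@timestamp": "2024-01-01T00:00:00Z", "interface.name.keyword": "GigabitEthernet1", "value": 1000},
    {"@timestamp": "2024-01-01T00:00:10Z", "interface.name.keyword": "GigabitEthernet1", "value": 2500},
    {"@timestamp": "2024-01-01T00:00:20Z", "interface.name.keyword": "GigabitEthernet1", "value": 4000},
    {"@timestamp": "2024-01-01T00:00:05Z", "interface.name.keyword": "GigabitEthernet2", "value": 700},
    {"@timestamp": "2024-01-01T00:00:15Z", "interface.name.keyword": "GigabitEthernet2", "value": 900},
]

if __name__ == "__main__":
    print(last_value_by(SAMPLE_DOCS, "interface.name.keyword"))
```

For GigabitEthernet1 the median of the sample values is 2500 while the last value is 4000, which is why the panel is switched away from "median" for live data.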
What's better than seeing live metrics? That's right! Metrics over time. Everyone loves seeing those peaks and valleys. Let's add another visualization, but this time select the "Line" chart from the top. We want to start by using the timestamp as our horizontal axis.
Now let's drag our "value" field to the vertical axis. Once you do that, select it and choose the "Last value" of value.
Now this is the cool part of having organized data. You can use this exact same line chart and replace it with any telemetry stream you want. Let's do SLAs for this first one. Drag the "sla.name.keyword" to breakdown.
You may notice the "other" line on the chart. If you want to remove any of these fields, all you have to do is select it and filter it out.
Go ahead and save the SLA line chart to your dashboard. Once saved, select it in the dashboard and clone it. On the cloned panel, click the gear in the top right and select "Edit Lens".
Remove the filter from the top, which was specifically for SLAs. Drag your interface.name.keyword field to the breakdown box. You'll see the interface lines pop up. Now go to Last value of value and change the format to Bytes again.
Not much traffic flowing through our simulated network anymore. Go ahead and filter out any fields you don't want. Then, depending on how long your telemetry has been collecting, go to the top and change the time range.
In the above example, I am now going back 15 days. You can see where my simulation was probably shut down and then turned back on. Go ahead and add any additional filters and then save it to the dashboard.
Since we took some extra steps to get our geo-location sent into Elastic, let's start by creating a cool map to overlay some data on top of. If you hover over the location field, you'll see our correctly populated geo-points (I'm pretty excited about this). Use the sidebar to navigate to "Maps".
Select "Add Layer" and then select "Documents". Now we want to select our dataset and then our Geolocation field.
Create a new layer. Add some tooltips that will be pop-ups on the map that show the data you're looking for.
Go ahead and add it to your dashboard. We will come back to this in another exercise. For now we just want to get our dashboard looking good.
Now you just have to drag and organize all the visualizations the way you want them laid out. Once you do that, you can start adding some filters at the top using the "Controls" option.
There you go. Now you have a working dashboard displaying your telemetry.






















