molu8bits edited this page Sep 22, 2019 · 1 revision

Welcome to the squid-filebeat-kibana wiki!

How to create the SQUID_DST visualization

  1. Go to "Visualisations" and click "Create new visualisations".

  2. Pick "Coordinate Map" from the list

  3. At the "Choose a source" step, change "type" to "Index pattern" and click on "filebeat-*" (it can also be "Saved search" and "Squid3 Proxy Access", if that exists).

  4. On the Data tab, under "Buckets", click "Add", choose "Geo coordinates" and then "Geohash" as the aggregation.

  5. At "Field", open the drop-down menu and start typing "squid.access.geoip.location". If that value is not available, the index does not have the required mapping: only fields of type "geo_point" are visible here.

  6. In the top right corner, change the time to a range where records are expected (e.g. Last 24 hours) and run "Update".

  7. Click the play icon "Apply changes".

  8. If colored circles show up, click "Save" in the top left corner, provide the title "SQUID_DST" and click "Confirm Save".

  9. Go to the Squid dashboard and check whether the map is there. If not, edit the dashboard, delete the old reference and add the newly created "SQUID_DST". Save the dashboard at the end.
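
When the field from step 5 does not appear in the drop-down, the mapping can be checked directly. The script below is an added example, not part of the original wiki or the project: it assumes the JSON returned by `GET filebeat-*/_mapping` and reports, per index, how "squid.access.geoip.location" is mapped. The index names and the sample response are constructed.

```python
FIELD = "squid.access.geoip.location"  # field name from step 5

def field_type(properties, dotted):
    """Follow a dotted field path through a mapping 'properties' tree."""
    node = {"properties": properties}
    for part in dotted.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None                      # field is not mapped at all
    return node.get("type", "object")        # object fields carry no "type"

def check_mapping(response, field=FIELD):
    """Map each index in a GET <pattern>/_mapping response to the field's type."""
    result = {}
    for index, body in response.items():
        mappings = body.get("mappings", {})
        if "properties" not in mappings:
            # Elasticsearch 6.x nests properties under a document type name
            typed = [m for m in mappings.values()
                     if isinstance(m, dict) and "properties" in m]
            mappings = typed[0] if typed else {}
        result[index] = field_type(mappings.get("properties", {}), field)
    return result

def unusable_indices(response, field=FIELD):
    """Indices where the Geohash aggregation cannot use the field."""
    found = check_mapping(response, field)
    return sorted(i for i, t in found.items() if t != "geo_point")

def _wrap(leaf):
    """Build the squid.access.geoip.location nesting around a leaf mapping."""
    return {"squid": {"properties": {"access": {"properties": {
        "geoip": {"properties": {"location": leaf}}}}}}}

# Constructed sample (index names invented): a correct mapping, a dynamically
# mapped lat/lon object, a 6.x-style typed mapping, and an index without the field.
SAMPLE = {
    "filebeat-a": {"mappings": {"properties": _wrap({"type": "geo_point"})}},
    "filebeat-b": {"mappings": {"properties": _wrap({"properties": {
        "lat": {"type": "float"}, "lon": {"type": "float"}}})}},
    "filebeat-c": {"mappings": {"doc": {"properties": _wrap({"type": "geo_point"})}}},
    "filebeat-d": {"mappings": {"properties": {"message": {"type": "text"}}}},
}

if __name__ == "__main__":
    for index, ftype in sorted(check_mapping(SAMPLE).items()):
        print(f"{index}: {ftype or 'not mapped'}")
    print("not geo_point:", unusable_indices(SAMPLE))
```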
