Hello,
I am new to OD and exploring this to implement…
I am currently using ELK as a standalone install…
Installed filebeats on source app server whose logs need to be monitored and that will send data to Logstash and then to elasticsearch and finally viewing on Kibana…
How would this flow look like with OpenDistro ?
I am little confused on this part…Any suggestions on this ?
Your stack should look exactly like it does with ELK. You take ODFE instead of “regular” (provided by Elastic) Elasticsearch, the same for Kibana and finally you need to take the OSS flavor of the beats/logstash (there are respective links on Elastic download pages). The specific setup and architecture (e.g. filebeat–>logstash–>elasticsearch) depends on your specific solution and it has nothing to do which stack you use. Both do the same
Thank you for the response…I ran the OSS flavor of logstash and sent the output to OD and it seems to be working fine…
Now the next step in this would be to understand how to move my existing visualizations, users, roles, dashboards etc from the default one to OD Kibana…
→ Does the export import of dashboards and visualizations work between elastic version and OD ??
→ How can I move the users and roles from elastic to OD ?
I can only tell based on my own experience.
Almost all visualizations worked as is. Only those which used X-PACK features obviously failed and I had to migrate them (for example dashboard drill down is not in Kibana OSS version, so I had to replace it with TSVBs which have links to the drilled down dashboard with automatic filter applying.
Security is a little more painful point as it is all under X-PACK in Elastic and you have to switch to OD security plugin. I just redefined the users, roles and tenants (a feature covered by workspaces concept in X-PACK). Also, Index Life Cycle Management can’t be 100% automated in OD (at least I did not find how, this is something I would really recommend to security plugin owners in OD to handle ASAP). See Error while rollover action. How to create rollover alias? for the respective discussion.
The rest was pretty much smooth.