Dashboards
Logz.io uses OpenSearch and OpenSearch Dashboards as a platform to store data. Logz.io Dashboards enables you to interactively explore, visualize, and share insights into your network flow data.
Download Logz.io Dashboards Objects
The Logz.io dashboards and related configuration artifacts can be easily imported. You must first download the relevant import file, depending on the configuration of your environment.
Saved Objects for Logz.io
Version | Schema | Theme | Configuration |
---|---|---|---|
1.0.x - 1.2.x | CODEX | dark | dashboards-1.0.x-codex-dark.ndjson |
1.0.x - 1.2.x | CODEX | light | dashboards-1.0.x-codex-light.ndjson |
1.0.x - 1.2.x | ECS | dark | dashboards-1.0.x-ecs-dark.ndjson |
1.0.x - 1.2.x | ECS | light | dashboards-1.0.x-ecs-light.ndjson |
Import Logz.io Dashboards Objects
To import the configuration, in Logz.io Dashboards go to Stack Management -> Saved Objects and click Import in the upper right corner.
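A pre-import check for the downloaded file, as an added example that is not part of the ElastiFlow or Logz.io tooling: it summarises the object types in an ndjson export and lists dangling references, unexpected types and count mismatches. It assumes the usual saved-objects export layout (one JSON object per line with `type`, `id` and `references`, plus a trailing summary record carrying `exportedCount`); `EXPECTED_TYPES`, the function name and the sample data are constructed for illustration.

```python
import json
from collections import Counter

# Assumption: object types a dashboard bundle is expected to contain.
EXPECTED_TYPES = {"index-pattern", "search", "visualization", "dashboard"}

# Constructed sample, not taken from the real import files.
SAMPLE_NDJSON = "\n".join(json.dumps(o) for o in [
    {"id": "ip-1", "type": "index-pattern", "attributes": {"title": "flows-*"}, "references": []},
    {"id": "vis-1", "type": "visualization", "attributes": {"title": "Top talkers"},
     "references": [{"id": "ip-1", "type": "index-pattern", "name": "index"}]},
    {"id": "dash-1", "type": "dashboard", "attributes": {"title": "Overview"},
     "references": [{"id": "vis-1", "type": "visualization", "name": "panel_0"},
                    {"id": "vis-404", "type": "visualization", "name": "panel_1"}]},
    {"id": "cfg-1", "type": "config", "attributes": {"defaultRoute": "/app/home"}, "references": []},
    {"exportedCount": 4, "missingRefCount": 0, "missingReferences": []},
])

def inspect_saved_objects(ndjson_text):
    """Return (type counts, findings to review before importing)."""
    objects, findings, declared = {}, [], None
    for lineno, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            if not isinstance(rec, dict):
                raise ValueError("record is not a JSON object")
        except ValueError as exc:  # JSONDecodeError is a ValueError
            findings.append(f"line {lineno}: {exc}")
            continue
        if "exportedCount" in rec:  # trailing export-summary record
            declared = rec["exportedCount"]
            continue
        key = (rec.get("type"), rec.get("id"))
        if key in objects:
            findings.append(f"line {lineno}: duplicate object {key[0]}:{key[1]}")
        objects[key] = rec
        if rec.get("type") not in EXPECTED_TYPES:  # e.g. settings changed on import
            findings.append(f"line {lineno}: unexpected type {rec.get('type')!r}")
    for (otype, oid), rec in objects.items():
        for ref in rec.get("references", []):
            if (ref.get("type"), ref.get("id")) not in objects:
                findings.append(f"{otype}:{oid} references missing {ref.get('type')}:{ref.get('id')}")
    if declared is not None and declared != len(objects):
        findings.append(f"summary declares {declared} objects, file contains {len(objects)}")
    return Counter(t for t, _ in objects), findings

if __name__ == "__main__":
    counts, findings = inspect_saved_objects(SAMPLE_NDJSON)
    print(dict(counts))
    print("\n".join(findings) or "no findings")
```

To check a downloaded file, read it as UTF-8 text and pass the contents to `inspect_saved_objects`.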
Recommended Logz.io Dashboards Advanced Settings
You may find that modifying a few of the Logz.io Dashboards advanced settings will produce a more user-friendly experience while using ElastiFlow. These settings are made in Logz.io Dashboards, under Stack Management -> Advanced Settings.
Some Advanced Settings may not be available in the Logz.io Dashboards UI. You may need to contact Logz.io support to make some changes.
Advanced Setting | Value | Why make the change? |
---|---|---|
filters:pinnedByDefault | true | Pinning a filter allows it to persist when you are changing dashboards. This is very useful when drilling down into something of interest and you want to change dashboards for a different perspective of the same data. This is the #1 setting we recommend changing. |
defaultRoute | see description | If your primary or only use-case for Logz.io Dashboards is ElastiFlow, set this to the URL path of the dashboard that you wish to load immediately after logging in, or when returning to "home". The format of this value is /app/dashboards#/view/4a608bc0-3d3e-11eb-bc2c-c5758316d788. |
doc_table:highlight | false | There is a query performance penalty that comes with using the highlighting feature. As it isn't very useful for this use-case, it is better to just turn it off. |
state:storeInSessionStorage | true | Logz.io Dashboards URLs can get pretty large, especially when working with Vega visualizations. This will likely result in error messages for users of Internet Explorer. Using in-session storage will fix this issue for these users. |
theme:darkMode | true or false | Enable dark mode for the Logz.io Dashboards UI. This setting should match the ndjson import file discussed above. |
timepicker:timeDefaults | see below | The Time Picker Quick Range to use when Logz.io Dashboards is started without one. |
timepicker:quickRanges | see below | The default options in the Time Picker are less than optimal for most logging and monitoring use-cases. Fortunately, Logz.io Dashboards now allows you to customize the time picker. Our recommended settings can be found below. |
format:number:defaultPattern | 0,0.[00] | Default numeral format for the "number" format. |
format:percent:defaultPattern | 0,0.[00]% | Default numeral format for the "percent" format. |
Recommended Time Picker Time Defaults (timepicker:timeDefaults)
We find that the following Time Picker Time Default provides more useful views of the data for network flow related use-cases.
{
  "from": "now-1h/m",
  "to": "now"
}
Recommended Time Picker Quick Ranges (timepicker:quickRanges)
We find that the following set of Time Picker Quick Ranges provides more useful views of the data for network flow related use-cases.
[
  {
    "from": "now-15m/m",
    "to": "now/m",
    "display": "Last 15 minutes"
  },
  {
    "from": "now-30m/m",
    "to": "now/m",
    "display": "Last 30 minutes"
  },
  {
    "from": "now-1h/m",
    "to": "now/m",
    "display": "Last 1 hour"
  },
  {
    "from": "now-2h/m",
    "to": "now/m",
    "display": "Last 2 hours"
  },
  {
    "from": "now-4h/m",
    "to": "now/m",
    "display": "Last 4 hours"
  },
  {
    "from": "now-12h/m",
    "to": "now/m",
    "display": "Last 12 hours"
  },
  {
    "from": "now-24h/m",
    "to": "now/m",
    "display": "Last 24 hours"
  },
  {
    "from": "now-48h/m",
    "to": "now/m",
    "display": "Last 48 hours"
  },
  {
    "from": "now-7d/m",
    "to": "now/m",
    "display": "Last 7 days"
  },
  {
    "from": "now-30d/m",
    "to": "now/m",
    "display": "Last 30 days"
  },
  {
    "from": "now-60d/m",
    "to": "now/m",
    "display": "Last 60 days"
  },
  {
    "from": "now-90d/m",
    "to": "now/m",
    "display": "Last 90 days"
  }
]