
PunchPlatform Plugin Overview

Kibana Punchplatform Plugin Home Page

The plugin is a set of features developed by Punchplatform. Its goal is to extend Kibana with additional features that are accessible and powerful.

Here is a breakdown of the features of the Kibana Punchplatform plugin:

  1. Platform Resources: Data travels from one point to another through a channel. Explore the configuration of your channels and punchlets.
  2. Data extractions: Easily execute data extractions. Use them to create subsets of data to display in Kibana or export as CSV.
  3. Punch Machine Learning: Use all the power of Spark and Machine Learning with the Punch Machine Learning (PML) graphical editor.
  4. Punch & Grok testers: Easily test and run punchlets or grok patterns.
  5. Documentation: Need help? Check the Punchplatform documentation without leaving Kibana.

Platform Resources

This file explorer lets you view the complete configuration of your channels and punchlets. Browse the tree on the left, click on a file name and view its contents.

Kibana Punchplatform Plugin Channel Configuration

You can only view files. Changes will not take effect.

Data extractions

A data extraction retrieves a subset of data. Using filters, you select the data to be extracted and choose where to extract it.

Create an extraction

To create a new extraction, click on Extraction Editor in the top menu.

Before you perform an extraction

  • Make sure you have added an index pattern in Kibana.
  • Save a Kibana search from the Discover tab.

Fill in the fields

Kibana Punchplatform Plugin Data Extractions Editor

  • Kibana saved search: Select the saved search (made from Discover) from which to extract the data
  • Extraction range: Select the date range
  • Max size: Set the maximum number of output rows
  • Extract _id: Check to add an id column containing the Elasticsearch document _id
  • Extract all fields: Check to add a source column containing the Elasticsearch document _source
  • Fields to extract: Select the fields you want in your subset. Click on a field to move it to the other column. The available fields are on the left, the selected fields are on the right.
    Tip: Use the arrows between the columns to move all fields from left to right and vice versa.
  • Filters: Add filters to your extracted data
  • Description: Name your extraction
  • Output format: Choose where to extract: into another Elasticsearch index, or into a file (CSV/JSON)
  • Tenant: Choose the tenant in which to perform the extraction

You can then save the form and go to Executions to launch your extraction.

Display extractions

Click on Extractions in the top menu. All extractions created are displayed on this screen.

Kibana Punchplatform Plugin Data Extractions Scheduler

For each extraction, you can see information such as id, description, current status and output location, and perform actions.

  • Status: Available statuses are Scheduled, Submitted, Running, Success, Failed.
  • Output: Location of the extracted data. If the output is Elasticsearch, the extracted data is in a new index pattern, which you add in Kibana (settings). If the output is a file (CSV or JSON), you can download the file directly.

Create a references set

A reference set is a list of data of the same type, used as a filter when you perform an extraction. For example, you can create a list of suspicious IPs and extract data where the field client.ip matches the list.

Click on Create to create a new list.

Fill in the form specifying the data type and the list file.

Kibana Punchplatform Plugin Create References Sets

The file format is simple: one entry per line.
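
A pre-upload check for an IP-type reference set file, given here as an added example that is not part of the plugin or its documentation: it validates the one-entry-per-line format and previews locally which documents a client.ip filter would select. The function names and sample data are constructed; rejecting duplicates and CIDR ranges, and comparing parsed addresses, are assumptions of this example, since the page does not describe how the plugin treats them.

```python
import ipaddress

# Constructed sample list (documentation address ranges), one entry per line.
SAMPLE_LIST = ("192.0.2.10\n198.51.100.7 \n\n192.0.2.10\n"
               "203.0.113.0/24\n2001:db8::1\nevil.example\n")

# Constructed sample documents shaped like Elasticsearch _source objects.
SAMPLE_DOCS = [
    {"client": {"ip": "192.0.2.10"}, "url": "/login"},
    {"client": {"ip": "192.0.2.99"}, "url": "/"},
    {"client": {"ip": "2001:0db8:0000:0000:0000:0000:0000:0001"}, "url": "/admin"},
    {"url": "/health"},
]

def load_ip_reference_set(text):
    """Parse a one-entry-per-line IP list; return (entries, rejected)."""
    entries, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        value = raw.strip()          # tolerate trailing whitespace
        if not value:
            continue                 # blank lines carry no entry
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:           # hostnames, CIDR ranges, typos
            rejected.append((lineno, value, "not an IP address"))
            continue
        if ip in seen:
            rejected.append((lineno, value, "duplicate"))
            continue
        seen.add(ip)
        entries.append(ip)
    return entries, rejected

def preview_matches(docs, entries, field="client.ip"):
    """Return the docs whose dotted field path holds an IP in the set."""
    wanted, hits = set(entries), []
    for doc in docs:
        value = doc
        for key in field.split("."):
            value = value.get(key) if isinstance(value, dict) else None
        try:
            if value is not None and ipaddress.ip_address(value) in wanted:
                hits.append(doc)
        except ValueError:
            pass                     # field present but not an IP
    return hits

if __name__ == "__main__":
    ips, bad = load_ip_reference_set(SAMPLE_LIST)
    print([str(i) for i in ips], bad, preview_matches(SAMPLE_DOCS, ips))
```
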

Display references set

The Reference Set tab shows all saved lists. Click on one to display its content.

Kibana Punchplatform Plugin References Sets Scheduler

Kibana Punchplatform Plugin References Sets Detail

Spark

Punchplatform offers an intuitive graphical interface to harness the power of Spark. Use drag and drop to place nodes in a graph, connect and configure the nodes, then click on Execute. That's all.

Create a Spark/PML graph

Drag a node from the left menu and drop it on the grid.

Put several nodes on the graph and connect them. The links are configured automatically.

Kibana Punchplatform Plugin Spark Graph

Double-click on a node to edit it; all fields are updated automatically as you make changes. Help on configuring nodes is available in the Machine-Learning chapter of this documentation.

Kibana Punchplatform Plugin Spark Editor View

When your graph is ready, you can display the full configuration by clicking on the view button in the toolbar. Then Save or Save & execute the graph. You can see execution details in the Spark Scheduler tab.

Display spark executions

You can see execution details in the Spark Scheduler tab.

Kibana Punchplatform Plugin Spark Scheduler

  • Status: Available statuses are Scheduled, Submitted, Running, Success, Failed.

A tour of Punch

A tour of Punch lets you learn the Punch language or improve your skills using the online tour.

Kibana Punchplatform Plugin Punch Tour

Documentation

Need help? Check the Punchplatform documentation without leaving Kibana.

Kibana Punchplatform Plugin Documentation