
PunchPlatform Plugin Overview

Kibana Punchplatform Plugin Home Page

The plugin is a set of features developed by Punchplatform. Its goal is to bring additional accessible and powerful features to Kibana.

Here is a breakdown of the features of the Kibana Punchplatform plugin:

  1. Platform Resources: Data travels from one point to another through a channel. View the configuration of your channels and punchlets;
  2. Data extractions: Easily perform data extractions. Use it to create subsets of data and view them in Kibana, or export them to CSV;
  3. Punch Machine Learning: Use all the power of Spark and Machine Learning with the Punch Machine Learning (PML) graphical editor;
  4. Punch & Grok testers: Easily test and run punchlets or grok patterns;
  5. Documentation: Need help? Check the Punchplatform documentation without leaving Kibana.

Platform Resources

This file explorer lets you view the complete configuration of your channels and punchlets. Browse the tree on the left, click on a file name and view its contents.

Kibana Punchplatform Plugin Channel Configuration

You can only view files. Changes will not take effect.

Data extractions

Data extractions retrieve subsets of data. Using filters, you can select the data to extract and choose where to extract it.

Create an extraction

To create a new extraction, click on Extraction Editor in the top menu.

Before you perform an extraction, make sure you have added an index pattern in Kibana.

Fill in the fields

Kibana Punchplatform Plugin Data Extractions Editor

  • Index Pattern: Select from which index to extract the data
  • Description: Explain this extraction
  • Output format: Choose where to extract: into another Elasticsearch index, or into a file (CSV/JSON)
  • Filter: Add filters to select the data to extract; you can use references sets here
  • Fields to extract: Select fields you want in your subset. Click on the field to put it into the other column. The available fields are on the left, the selected fields are on the right.

Remember to filter over a time range, or you may extract too much data.

You can then either save the extraction and execute it later, or save and execute it now.

Display extractions

Click on Extraction Scheduler in the top menu. All extractions created are displayed on this screen.

Kibana Punchplatform Plugin Data Extractions Scheduler

You can see extraction information such as id, description, current status and output location, and perform actions.

  • Status: Available statuses are Scheduled, Submitted, Running, Success, Failed.
  • Output: Location of the extracted data. If the output is Elasticsearch, the extracted data is in a new index pattern, which you add in Kibana (settings); if the output is a file (CSV or JSON), you can download the file directly.

Create a references set

A references set is a list of data of the same type, used in filters when you perform an extraction. For example, you can create a suspicious IP list and extract data where the field client.ip matches the list.

Click on Create to create a new list.

Fill in the form specifying the data type and the list file.

Kibana Punchplatform Plugin Create References Sets

The file format is simple: one entry per line.
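A way to check a suspicious-IP list before uploading it as a references set, given as an added example that is not part of the Punchplatform plugin or its documentation. It assumes an IP-typed set in which every entry is a single address; this page does not say whether ranges or comments are accepted, so such lines are reported for review instead of being passed through. The function names and sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample input: a raw suspicious-IP list as an analyst might hand it
# over, with blank lines, stray whitespace, duplicates and invalid entries.
SAMPLE_RAW = """\
203.0.113.7
 198.51.100.23

203.0.113.7
2001:db8::1
2001:0db8:0000:0000:0000:0000:0000:0001
999.1.1.1
example.com
192.0.2.0/24
"""

def clean_ip_list(raw_text):
    """Return (entries, rejected) for a one-entry-per-line IP list."""
    # entries: unique canonical IP strings, first-seen order
    # rejected: (line_number, original_text, reason) tuples for review
    entries, seen, rejected = [], set(), []
    for lineno, line in enumerate(raw_text.splitlines(), start=1):
        text = line.strip()
        if not text:
            continue  # blank lines are not entries
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            rejected.append((lineno, text, "not a single IP address"))
            continue
        canonical = str(ip)  # compresses IPv6 so equivalent spellings collapse
        if canonical in seen:
            rejected.append((lineno, text, "duplicate of " + canonical))
            continue
        seen.add(canonical)
        entries.append(canonical)
    return entries, rejected

def to_reference_file(entries):
    """Serialise entries in the one-entry-per-line layout described above."""
    return "\n".join(entries) + "\n" if entries else ""

if __name__ == "__main__":
    good, bad = clean_ip_list(SAMPLE_RAW)
    print(to_reference_file(good), end="")
    for lineno, text, reason in bad:
        print(f"line {lineno}: {text!r} rejected ({reason})")
```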

Display references set

The Reference Set tab shows all saved lists. Click on one to display its content.

Kibana Punchplatform Plugin References Sets Scheduler

Kibana Punchplatform Plugin References Sets Detail

Spark

Punchplatform offers an intuitive graphical interface to harness the power of Spark. Use drag and drop to place nodes in a graph, connect and configure the nodes, then click on Execute. That's all.

Create a Spark/PML graph

Drag a node from the left menu and drop it on the grid.

Place as many nodes as you need on the graph and connect them. The links are configured automatically.

Kibana Punchplatform Plugin Spark Graph

Double-click on a node to edit it; all fields are updated automatically as you make changes. Help for configuring nodes is available in the Machine-Learning chapter of this documentation.

Kibana Punchplatform Plugin Spark Editor View

When your graph is ready, you can display the full configuration by clicking on the view button in the toolbar. Then choose Save or Save & execute. You can see execution details in the Spark Scheduler tab.

Display spark executions

You can see execution details in the Spark Scheduler tab.

Kibana Punchplatform Plugin Spark Scheduler

  • Status: Available statuses are Scheduled, Submitted, Running, Success, Failed.

A tour of Punch

A tour of Punch lets you learn the Punch language or improve your skills using the online tour.

Kibana Punchplatform Plugin Punch Tour

Documentation

Need help? Check the Punchplatform documentation without leaving Kibana.

Kibana Punchplatform Plugin Documentation