Skip to main content

Viewing the Results

Now that we've created the Pipeline that will generate our metrics, we need to change the collector such that it uses the new Pipeline instead of the passthru Pipeline.

important
  1. Click the Cribl upper tab to go back to Stream.
  2. With Manage active in Stream's top nav, select Data and click Sources.
  3. Click on S3 in the Collectors section.
  4. Expand the pan-logs collector by clicking on it.
  5. In the Result Settings > Result Routing section, change the Pipeline field to use firewall_metrics, and click Save.

That section should now look like this: Collector Change

Now all that's left is to run the collector job and look at our results. In this case, unlike our earlier job, we actually want to collect all of the data in the archive bucket.

important
  1. Click the Run button next to your collector, and the Run configuration modal will appear.
  2. Click the Full Run selection, leave everything else as the default, and click Run. The modal should look like this: Run Configuration modal
note

If you click Stream's Monitoring tab, hover over the System menu, and then click Jobs in resulting submenu, you can monitor the the data collection, like this: Routes Monitoring

The full job is likely to take about 15 minutes to run, but you can see results after a couple minutes. Here's how:

important
  1. Click the Kibana - Dashboard upper tab.
  2. On the Dashboard, click the Refresh button.

Once the screen has refreshed, the visualizations should now have data in them, and look something like this: Kibana Dashboard with Data