Update info about loading dashboards and index templates #4778

dedemorton · 2017-07-27T20:51:23Z

I plan to make additional changes to the getting started flow about setting up the dashboards because the current flow is not ideal, but I'll make that in a separate PR.

UPDATE: Changed my mind. Didn't want to have two separate PRs with a mix of changes, so I'll put everything in this PR.

andrewkroh · 2017-07-27T20:53:12Z

auditbeat/docs/faq-ulimit.asciidoc

+[[ulimit]]
+=== {beatname_uc} fails to watch folders because too many files are open?
+
+Because of the way file monitoring is implemented on Mac OS, you may see a


Apple refers to it as "macOS". https://www.apple.com/macos/sierra/

dedemorton · 2017-07-29T21:08:10Z

@andrewkroh I'm working on another set of changes related to dasbhboard loading. There's quite a bit of overlap with this PR, so I'm going to take the changes in my other branch and cherry-pick them into this branch. I'll mark this PR as "in progress" and continue adding commits to it. I'm going to have to make changes to multiple beats to avoid breaking things, so I'll change the name of this PR, too.

dedemorton · 2017-07-31T06:13:35Z

libbeat/docs/shared-template-load.asciidoc

+
+//REVIEWERS: I'm keeping separate steps for the loading the index template and the dashboards since it seems like the index template loading happens automatically, but the dashboard loading must be specified. It might be confusing to describe this in one step. Plus having separate steps helps users understand that two very different operations are taking place (the loading of the index template into ES and the loading of dashboards into Kibana)
+
+//TODO: I think this needs to be deleted. Commenting it out for now just in case. Also need to remove conditional flag


Can someone confirm that there is no reason to keep the content commented out here?

It's perfect the way it's described.

monicasarbu · 2017-07-31T08:31:21Z

libbeat/docs/template-config.asciidoc

 is false.

-*`settings.index`*:: A dictionary of settings to place into the `settings.index` dictionary of the
+//REVIEWERS: I don't see the following options in the reference.yml file. Are they still available/valid?


The setup.template.settings shows up only in the metricbeat.yml, not in the reference.yml. I will fix it.

Good catch @dedemorton. Open a PR: #4791

monicasarbu · 2017-07-31T08:40:18Z

metricbeat/docs/gettingstarted.asciidoc

 {libbeat}/config-file-permissions.html[Config File Ownership and Permissions]
 in the _Beats Platform Reference_).

+//REVIEWERS: It seems really inconvenient to users to expect them to change ownership on all the files in `modules.d`. This is something I had to do, but not 100% sure if there is a better way. Please advise.
+


@exekias can have a better input here.

I noticed that Tudor also created an issue about this, so I think it is required.

I agree we may need to think about something here, we have strict.perms flag to avoid this (with the cost of losing some security). deb/rpm packages also ave these permissions right by default. Not sure we can help on the tar.gz case

I think using the strict.perms is fine here. I'd explain why it's used and link over to docs for the option.

I made this comment previously, and I still think we should consider it.

Another option would be to make -strict.perms=false the new default. Then modify the scripts that start Beats as services to enable the checks. I liken this to how ES disables bootstrap checks for non-production mode.

@andrewkroh Ok, I've added the note about -strict.perms. I know we're talking about the getting started experience here, but I sort of worry if we start recommending something in the GS that could get people into trouble later on. See how this works. If the developers on the team decide that we want to tell users straight out to run the the beats with -strict.perms=false then I can change it, but the way it's written now users at least understand that there's a choice to be made...and might do more reading before they run the command blindly. (People often run commands without reading the surrounding text.)

I'd be happy to make -strict.perms=false the default in code when we detect "dev" mode or "getting started". The question is, what's a good sign of production? Is the fact you are running from init script / service file enough? Is deb/rpm production and the tar.gz getting started?

monicasarbu · 2017-07-31T09:29:03Z

packetbeat/docs/gettingstarted.asciidoc

@@ -289,7 +297,7 @@ docker run {dockerimage}
 [source,shell]
 ----------------------------------------------------------------------
 sudo chown root packetbeat.yml <1>
-sudo ./packetbeat -e -c packetbeat.yml -d "publish"
+sudo ./packetbeat run -e -c packetbeat.yml -d "publish"


run is the default option, in case it's missing. So, it still works:

sudo ./packetbeat -e -c packetbeat.yml -d "publish"

@monicasarbu Right, but I figured we added run for a reason and might want to show it. Do you think it's better to show the command without including run?

Yes, it's better to show the command without including run to show that the command didn't change.

monicasarbu · 2017-07-31T09:32:25Z