OpenSearch Dashboards

OpenSearch Dashboards is an open-source fork of Kibana, which is [no longer open-source software]({{ site.github.repository_url }}/releases/tag/v5.0.0).

Adding new visualizations and dashboards

Visualizations and dashboards can be easily created in OpenSearch Dashboards using its drag-and-drop WYSIWIG tools. Assuming users have created a new dashboard to package with Malcolm, the dashboard and its visualization components can be exported using the following steps:

Identify the ID of the dashboard (found in the URL: e.g., for /dashboards/app/dashboards#/view/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx the ID would be xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

Export the dashboard with that ID and save it in the ./dashboards./dashboards/ directory with the following command:

 export DASHID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx && \
   docker compose exec dashboards curl -XGET \
   "http://localhost:5601/dashboards/api/opensearch-dashboards/dashboards/export?dashboard=$DASHID" > \
   ./dashboards/dashboards/$DASHID.json

It is preferrable for Malcolm to dynamically create the arkime_sessions3-* index template rather than including it in imported dashboards, so edit the xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json that was generated, carefully locating and removing the section with the id of arkime_sessions3-* and the type of index-pattern (including the comma preceding it):
```
    ,
    {
      "id": "arkime_sessions3-*",
      "type": "index-pattern",
      "namespaces": [
        "default"
      ],
      "updated_at": "2021-12-13T18:21:42.973Z",
      "version": "Wzk3MSwxXQ==",
      …
      "references": [],
      "migrationVersion": {
        "index-pattern": "7.6.0"
      }
    }
```
Include the new dashboard either by using a bind mount for the ./dashboards/dashboards/ directory or by rebuilding the dashboards-helper Docker image. Dashboards are imported the first time Malcolm starts up.