Kibana displays events from the last 15 minutes by default. We're going to need a little more data than that!
The phone subscriber dataset has entries older than 5 years. You may need to select a longer period for browsing.
Click on the dropdown menu on the top left of the page (just below the search bar) to select your dataset. There should be four listed:
Once the dataset and the time period are selected, your main window should be similar to the screenshot below.
The search bar is located at the top and the search results are displayed in the middle. By default, Kibana puts a * in the search field, which means it searches for everything. This is called the 'wildcard' search operator.
You can submit a search by entering your keywords in the search bar. You can simply enter any keyword, or search in a specific field. In this case, we are searching for a specific IP address:
You can enter multiple keywords and use search operators to define a relationship between them.
The default is OR. On the screenshot below, we explicitly added AND to search for a specific IP and email address.
By default, Kibana displays each field. To make the results more readable, you can select the relevant fields to display.
Hover over a field on the left-hand side and click add. This will add the field as a column in the results window. You may select multiple fields to display multiple columns.
To solve the fifth challenge, you will need to use Graph to perform link analysis on the telephone call logs. First, click on the icon next to Settings and select Graph from the drop-down menu.
Once Graph is opened, you need to select the appropriate dataset. Click on the drop-down menu and select
Then click on the Erlenmeyer flask icon on the right.
Click on Fields and select the field names you would like to search on. In this example, we select subscriber_phone_number.keyword and dialled_number.keyword.
Make sure you always select the field name ending
Then you can use the search box for visualising your datasets. In this example, we used "*" as a search string instead of a phone number.
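To show what link analysis over those two fields amounts to, here is an added Python example (not part of the original tutorial, and a simplification rather than Kibana Graph's own algorithm). The call records are constructed sample data, and the function names are hypothetical; only the two field names come from the page.

```python
from collections import defaultdict

# Constructed sample call records (NOT from the challenge dataset).
# Keys are the two field names selected in Graph above.
CALLS = [
    {"subscriber_phone_number": "555-0101", "dialled_number": "555-0199"},
    {"subscriber_phone_number": "555-0102", "dialled_number": "555-0199"},
    {"subscriber_phone_number": "555-0103", "dialled_number": "555-0199"},
    {"subscriber_phone_number": "555-0101", "dialled_number": "555-0102"},
    {"subscriber_phone_number": "555-0104", "dialled_number": "555-0105"},
    {"subscriber_phone_number": "555-0101", "dialled_number": "555-0199"},
]

def build_graph(calls):
    """Undirected graph: vertex = phone number, edge weight = number of calls."""
    edges, neighbours = defaultdict(int), defaultdict(set)
    for c in calls:
        a, b = c["subscriber_phone_number"], c["dialled_number"]
        if a != b:  # ignore self-calls, they add no link
            edges[frozenset((a, b))] += 1
            neighbours[a].add(b)
            neighbours[b].add(a)
    return edges, neighbours

def hubs(neighbours, top=3):
    """Numbers ranked by how many distinct numbers they are linked to."""
    ranked = sorted(neighbours.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(number, len(peers)) for number, peers in ranked[:top]]

def common_contacts(neighbours, a, b):
    """Numbers linked to both a and b (an indirect connection between them)."""
    return sorted(neighbours[a] & neighbours[b])

def connected_groups(neighbours):
    """Clusters of numbers reachable from one another through any chain of calls."""
    seen, groups = set(), []
    for start in sorted(neighbours):
        if start in seen:
            continue
        stack, group = [start], set()
        while stack:
            n = stack.pop()
            if n not in group:
                group.add(n)
                stack.extend(neighbours[n] - group)
        seen |= group
        groups.append(sorted(group))
    return groups
```

In the Graph view, the hubs correspond to the vertices with the most lines attached, and each connected group appears as a separate cluster.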