Add a new section on how to collect CloudTrail events using Amazon Data Firehose #3823
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alaudazzi
added
docs
|
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here. |
|
This pull request is now in conflict. Could you fix it @alaudazzi? 🙏 |
|
@zmoog |
|
To give an example of how image references need to be reformatted 
|
|
@zmoog |
bmorelli25
reviewed
May 1, 2024
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc
Outdated
Show resolved
Hide resolved
|
|
||
| image::firehose-monitor-cloudtrail-logs.png[Firehose monitor CloudTrail logs] | ||
|
|
||
| Navigate to {kib} and choose among the following monitoring options: |
There was a problem hiding this comment.
Is there a specific use case we could call out with each of these visualization/monitoring options?
There was a problem hiding this comment.
These are three different ways to visualize the same CloudTrail logs. But I'll defer to @zmoog to confirm.
There was a problem hiding this comment.
I considered one visualization to showcase a detailed view (Discover or Logs Explorer) and one high-level view (dashboard) of CloudTrail logs.
As a user, I often take this two-level approach of getting the feel of the dataset from a quantitative perspective (how many events, etc) and a qualitative perspective (inspecting some sample documents).
Three ways are probably too many.
@bmorelli25 @alaudazzi Is it better to offer one option only, or is there room for two?
There was a problem hiding this comment.
Promoting various visualization options is appropriate for tutorial-oriented content. We do the same in the Monitor VPC Flow Logs use case.
…ail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]>
…ail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]>
…ail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]>
…ail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]>
…ail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]>
…ail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]>
…ail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]>
…ity-docs into cloudtrail-firehose
Yeah, I see the automation is pretty rough and needs more work. I may use it personally as an intermediate step, but I'll create a .asciidoc file from now on until the automation improves. |
|
@alaudazzi, I like the changes you made to the initial draft of the issue thread. I'll use this as a reference for the upcoming documents on the AWS Network Firewall and the generic guide on CloudWatch and S3. |
bmorelli25
approved these changes
May 6, 2024
alaudazzi
added
backport-8.13
mergify bot
pushed a commit
that referenced
this pull request
May 13, 2024
…ta Firehose (#3823) * Remove screenshots and adjust text accordingly * Test the structure * Add more steps * Add draft content from public notes * Fix text and structure 1 * Fix images * Fix text and structure 2 * Fix text and structure 3 * Fix text and structure 4 * Fix text and structure 5 * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Fix headings * Integrate reviewer's feedback * Remove link * Update step 1 --------- Co-authored-by: Maurizio Branca <[email protected]> Co-authored-by: Brandon Morelli <[email protected]> (cherry picked from commit ec22304) # Conflicts: # docs/en/observability/cloud-monitoring/aws/monitor-aws-agent.asciidoc
mergify bot
pushed a commit
that referenced
this pull request
May 13, 2024
…ta Firehose (#3823) * Remove screenshots and adjust text accordingly * Test the structure * Add more steps * Add draft content from public notes * Fix text and structure 1 * Fix images * Fix text and structure 2 * Fix text and structure 3 * Fix text and structure 4 * Fix text and structure 5 * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Fix headings * Integrate reviewer's feedback * Remove link * Update step 1 --------- Co-authored-by: Maurizio Branca <[email protected]> Co-authored-by: Brandon Morelli <[email protected]> (cherry picked from commit ec22304) # Conflicts: # docs/en/observability/cloud-monitoring/aws/monitor-aws-agent.asciidoc
bmorelli25
added a commit
that referenced
this pull request
May 15, 2024
…ta Firehose (#3823) (#3883) * Remove screenshots and adjust text accordingly * Test the structure * Add more steps * Add draft content from public notes * Fix text and structure 1 * Fix images * Fix text and structure 2 * Fix text and structure 3 * Fix text and structure 4 * Fix text and structure 5 * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Fix headings * Integrate reviewer's feedback * Remove link * Update step 1 --------- Co-authored-by: Maurizio Branca <[email protected]> Co-authored-by: Brandon Morelli <[email protected]> (cherry picked from commit ec22304) # Conflicts: # docs/en/observability/cloud-monitoring/aws/monitor-aws-agent.asciidoc Co-authored-by: Arianna Laudazzi <[email protected]> Co-authored-by: Brandon Morelli <[email protected]>
bmorelli25
added a commit
that referenced
this pull request
May 15, 2024
…ta Firehose (#3823) (#3884) * Remove screenshots and adjust text accordingly * Test the structure * Add more steps * Add draft content from public notes * Fix text and structure 1 * Fix images * Fix text and structure 2 * Fix text and structure 3 * Fix text and structure 4 * Fix text and structure 5 * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Update docs/en/observability/cloud-monitoring/aws/monitor-aws-cloudtrail-firehose.asciidoc Co-authored-by: Brandon Morelli <[email protected]> * Fix headings * Integrate reviewer's feedback * Remove link * Update step 1 --------- Co-authored-by: Maurizio Branca <[email protected]> Co-authored-by: Brandon Morelli <[email protected]> (cherry picked from commit ec22304) # Conflicts: # docs/en/observability/cloud-monitoring/aws/monitor-aws-agent.asciidoc Co-authored-by: Arianna Laudazzi <[email protected]> Co-authored-by: Brandon Morelli <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This tutorial has reached a pretty stable status and is ready to be reviewed.
Doc preview.
Relates to #3819