From fdcaaab73e135d9d5961b76f7f11718eab9d9651 Mon Sep 17 00:00:00 2001
From: 9S <strrrn@gmail.com>
Date: Thu, 19 Sep 2019 08:40:15 +0200
Subject: [PATCH] Update README.md

---
 README.md | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 38032a4..9d35910 100644
--- a/README.md
+++ b/README.md
@@ -60,10 +60,18 @@ This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the begin
 12. again: the following steps will not work correctly if sending data to logstash here is not successfull!
 
 ### KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH)
-12. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import
-13. delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns*
-14. import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console
-14.1 click the green triangle in the upper right of the pasted content (first line). Output should be:
+
+13. create the index pattern: Management -> Index patterns -> Create index pattern
+13.1 type logstash-syslog-dns - it shound find one index
+13.2 click next step and select @timezone 
+13.3 Create index pattern
+13.4 Once the index is created, verify that 79 fields are listed
+13.5 click the curved arrows on the top left
+14. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import
+14. optionally select the correct index pattern: logstash-syslog-dns*
+15. delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns*
+16. import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console
+16.1 click the green triangle in the upper right of the pasted content (first line). Output should be:
 
 {
 
@@ -71,8 +79,5 @@ This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the begin
   
 }
 
-15. optionally reload kibanas field list via: Management -> Index patterns -> type logstash-syslog-dns*
-15. click the curved arrows on the top left
-
 
 You should then be able to see your new dashboard and visualizations.
-- 
GitLab