Plugins

Add-on functionality for Siren Investigate/Kibana is implemented with plugin modules. You can use the bin/investigate-plugin command to manage these modules. You can also install a plugin manually by moving the plugin file to the plugins folder and unpacking the plugin files into a new folder.

Generally Kibana plugins are compatible with Siren Investigate provided the plugin is compatible with the Kibana version mentioned in the Management section.

Plugin Compatibility

The Kibana plugin interfaces are in a state of constant development. We cannot provide backwards compatibility for plugins due to the high rate of change. Kibana enforces that the installed plugins match the version of Kibana itself. Plugin developers will have to release a new version of their plugin for each new Kibana release as a result.

Installing plugins

Use the following command to install a plugin:

bin/investigate-plugin install <package name or URL>

When you specify a plugin name without a URL, the plugin tool attempts to download an official Elastic plugin, such as:

$ bin/investigate-plugin install x-pack

Installing plugins from an arbitrary URL

You can download official Elastic plugins by specifying their name. You can alternatively specify a URL to a specific plugin, as in the following example:

$ bin/investigate-plugin install https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-10.0.0.zip

You can specify URLs that use the HTTP, HTTPS, or file protocols.

Installing plugins to an arbitrary folder

Use the -d or --plugin-dir option after the install command to specify a folder for plugins, as in the following example:

$ bin/investigate-plugin install file:///some/local/path/x-pack.zip -d path/to/folder
This command creates the specified folder if it does not already exist.

Installing plugins with Linux packages

The Siren Investigate server must be able to write to files in the optimize folder. If you are installing plugins using sudo or su you must ensure these commands are run as the user myuser. This user is already added for you as part of the package installation.

$ sudo -u myuser bin/investigate-plugin install x-pack

If plugins were installed as a different user and the server is not starting, then you must change the owner of these files:

$ chown -R myuser:myuser /path/to/siren-investigate/optimize

Updating and removing plugins

To update a plugin, remove the current version and reinstall the plugin.

To remove a plugin, use the remove command, as in the following example:

$ bin/investigate-plugin remove

You can also remove a plugin manually by deleting the plugin’s subfolder under the plugins/ folder.

Removing a plugin will result in an "optimize" run which will delay the next start of Siren Investigate.

Switching off plugins

Use the following command to switch off a plugin:

./bin/investigate --<plugin ID>.enabled=false
Switching a plugin on or off will result in an "optimize" run which will delay the start of Siren Investigate.
  • You can find a plugin’s plugin ID as the value of the name property in the plugin’s package.json file.

Configuring the plugin manager

By default, the plugin manager provides you with feedback on the status of the activity you have asked the plugin manager to perform. You can control the level of feedback with the --quiet and --silent options. Use the --quiet option to suppress all non-error output. Use the --silent option to suppress all output.

By default, plugin manager requests do not time out. Use the --timeout option, followed by a time, to change this behavior, as in the following examples:

Wait 30 seconds before failing

bin/investigate plugin --install username/sample-plugin --timeout 30s

Wait one minute before failing

bin/investigate plugin --install username/sample-plugin --timeout 1m

Plugins and custom Siren Investigate configurations

Use the -c or --config options to specify the path to the configuration file used to start Siren Investigate. By default, Siren Investigate uses the configuration file config/investigate.yml. When you change your installed plugins, the bin/investigate plugin command restarts the Siren Investigate server. When you are using a customized configuration file, you must specify the path to that configuration file each time you use the bin/investigate plugin command.

Plugin manager exit codes

0

Success

64

Unknown command or incorrect option parameter

74

I/O error

70

Other error