Getting Started with Kibana

Getting started with Kibana is easier than you think. Once you have chosen to use it to make sense of your logs, implementing it is a straightforward process. In this post, we will see how you can get your Kibana installation up and running with ease.

The Elastic Stack

Before we can look into everything Kibana, we need to have a look at Elastic.

The Elastic Stack — once known as the ELK Stack — is a collection of open-source software made by Elastic that allows users to search, analyze, and visualize logs generated from any source, in any format. This practice is known as “centralized logging.”

The ELK Stack breakdown

Centralized logging is useful when attempting to identify problems with servers or applications, as it allows for searching through all logs from a single place. It also comes in handy when identifying issues that span multiple servers by correlating their logs from a specific time frame.

The Elastic Stack has four main components:

  • Elasticsearch: A distributed, RESTful search engine used to curate and store all collected data
  • Logstash: The data processing component of the Elastic Stack; it sends curated data to Elasticsearch
  • Kibana: The main subject of this post; a web interface for searching and visualizing logs
  • Beats: A set of lightweight, single-purpose data shippers that send data from all covered machines to either Logstash or Elasticsearch

What is Kibana?

Developed in 2013 from within the Elasticsearch community, Kibana – which we have just seen is part of the Elastic Stack – is a free and open frontend application that sits on top of the stack. It provides search and data visualization capabilities for the data that has been indexed in Elasticsearch.

Basic Kibana Dashboard

Kibana is known as the charting tool for the Elastic Stack and also acts as the user interface (UI) for monitoring, managing, and securing an Elastic Stack cluster. It is also the centralized hub for built-in solutions developed on the Elastic Stack, and it is evolving into the window into the Elastic Stack itself, offering a portal for users and companies.

What do we use Kibana for?

Ok, we have seen what Kibana is and the various aspects of it within the Elastic Stack. So, the next question becomes, how do we use it to our advantage?

Being the official user interface (UI) of Elasticsearch means users will find Kibana to be the most effective interface for gaining in-depth data insights as well as performing proactive monitoring and management of the health of their Elastic Stack.

Kibana has many use cases, as Elastic has invested heavily in innovating the visualization interface, allowing users to leverage the built-in features for use cases such as Application Performance Monitoring (APM), business and security analytics, geospatial analytics, and much more.

As a free and open interface, Kibana has a wide user base and a strong support community, which contributes to its continuous growth. Users' levels of experience vary just as much, with their expertise covering aspects like documentation, instruction, and community support itself. Finally, Elastic also offers training and individual support to help users at all levels of knowledge, leading to several certifications.

Kibana comes with a dashboard tool that offers users the ability to combine log data visualizations, which are built from its ChaosSearch indices, with functional dashboards. Users can also use dashboards, combined with real-time indexing, to automatically update their dashboards in near real-time as events are logged in cloud platforms like Amazon S3 buckets or Azure containers.

Ok, but what is a Kibana dashboard?

By definition, a Kibana dashboard is a collection of charts, graphs, metrics, searches, and maps that are brought together into a single pane to present data in easy-to-consume formats.

Dashboards are used to provide “at-a-glance” insights into data from multiple perspectives and enable users to drill down into them for even more details.

Sample Kibana Dashboard - eCommerce

These dashboards provide an intuitive way of relaying data to users by allowing them to combine a variety of different data visualizations and saved searches into a dynamically updating view that can be used at any time.

Kibana dashboards are fully customizable and compatible with displaying data in several formats that include:

  • Line and pie charts
  • Gauges
  • Data tables
  • Heat maps
  • Line graphs
  • Coordinate maps
  • Tag clouds

In short, apart from Kibana aiding in searching, viewing, visualizing, and managing data indexed in Elasticsearch, its dashboards also help analyze captured data through bar charts, pie charts, tables, histograms, and maps. But, apart from that, Kibana’s tight integration with Elasticsearch, and the Elastic Stack as a whole, makes it ideal for supporting even more of the following functions:

  • A dashboard can be shared via browsers to provide real-time analytical views into large data volumes in support of use cases such as logging and log analytics
  • It serves as a multi-purpose tool for Application Performance Monitoring (APM), infrastructure metrics, and container monitoring
  • It can enhance Geospatial data analysis and visualization
  • It is ideal for business processes and security analytics
  • Centralized analytics of microservices, understanding user behavior, resource allocation reporting, monitoring website uptime, vulnerability scanning, firewall monitoring, as well as global data monitoring

Some other more underutilized use cases for Kibana include its data visualization capabilities for compliance auditing, SIEM as a Service, and IT operations.

What is Kibana Lens?

Kibana Lens is a native tool designed to enable faster access to data insights. It uses a drag-and-drop interface to simplify the process of exploring Elasticsearch data and creating visuals based on them.

The charts that are created using Lens have smart suggestions that provide alternative ways to visualize data based on data analysis best practices and common usage patterns.

Sample Kibana Lens

With Kibana Lens, users can:

  • Explore data in Elasticsearch indices with minimal program interaction
  • Drag-and-drop data fields into their dashboards to create multiple data visualizations
  • Simultaneously cross-search multiple Elasticsearch indices for comparison in the same visualization
  • Customize data visualizations by switching between chart types and changing aggregations in real time
  • Create interactive data visualizations without coding or previous experience using Kibana

Kibana Lens is a powerful feature that lets users drag and drop fields to see instant previews as their data takes shape. Depending on the fields that have been selected, the smart suggestions in Kibana Lens guide users toward visualizations that can communicate the data’s information most effectively.

What is Kibana Canvas?

Kibana Canvas is a data visualization and presentation application, which is also native, where real-time data can be pulled directly from Elasticsearch and combined with colors, images, text, and other custom options to create aesthetic, dynamic, and interactive graphical representations of it.

Kibana Canvas Sample

With Kibana Canvas, users can:

  • Create and personalize workspaces with different backgrounds, borders, colors, fonts, and other enhancement features
  • Customize work pads with custom visualizations like images and text
  • Customize data they have directly pulled from Elasticsearch
  • Display data with charts, graphs, progress monitors, and other formats
  • Filter data to focus on displaying the required data

What is Kibana Gauge?

Kibana Gauge indicates the status of metrics that are displayed against a range, comparing the current value to a predetermined lower and upper limit. Its purpose is to signify the volume of transactions or data captured in a given time frame.

Kibana Gauge Sample

Some more Kibana tools

Let’s look at a few more Kibana features before we move along to its installation procedure:

  • Elastic Maps: For analyzing geospatial data and identifying geo patterns over time, points of interest, and other filtering factors. Users can easily share and consume geospatial data via dashboards and set up location-based alerts to make the data optimally usable.
  • Discover: Exploration tools that help move quickly from ingestion to analysis by showing more user documents in one place. This makes it easy to locate the needed information, which can then be sliced and diced as required.

Installing Kibana

Now that we have a clear picture of why and how we need to use Kibana, let us move on to its installation and actual usage.

Kibana prerequisites

Before we tackle the installation, let us look at the prerequisites for a successful installation of Kibana. Of course, this means that we need to look at the prerequisites for the installation of Elastic Cloud Enterprise. And with that in mind, we have:

  • The recommended hardware setup includes at least the following memory options, with a minimum of 8 GB:

Elastic Cloud Enterprise - Memory prerequisites

  • Meanwhile, the minimum data storage prerequisites are shown below:

Elastic Cloud Enterprise - Storage prerequisites

Where to download Elasticsearch

There are several options when it comes to the versions that are available to download. The official Elasticsearch download page offers options for operating systems like Windows, Linux, macOS, and Debian.

Alternatively, users can play around with the trial version of Elasticsearch for free to get a feel of it before committing to a full-blown installation and deployment.

How do I create dashboards in Kibana?

To build a dashboard in Kibana, users must have curated data that has been indexed in Elasticsearch. They should also have already built a search, visualization, or map.

To create a new one, from within Kibana, you can click Dashboard in the side navigation on the left. An overview of existing dashboards is presented when the Dashboard interface is opened and in cases where there are no dashboards, sample data sets that include pre-built dashboards can be added.

Kibana Welcome Home Page

Below is what the Sample Flight Data dashboard looks like:

Sample Flight Data - Kibana Elasticsearch

Once the data is added, you should see the “Installed” confirmation and then your dashboard with the data presented in various display forms.

Users can follow these basic steps to build a dashboard:

  • In the side navigation, click Dashboard.
  • Click Create Dashboard.
  • Click Add.
  • Use the Add Panels button to insert visualizations or saved searches to the dashboard.

If there are many visualizations, the lists can be filtered to show only the data you need to see.

Kibana Elasticsearch - Create New Dashboard

If there is a read-only icon in the header, it may mean that you do not have the required permissions to create, edit, or save dashboards. In that case, either ask your Kibana administrators whether they can change the permission settings on an individual or group basis, or make sure your account is the owner of the Elasticsearch deployment.

Kibana integrations and plugins

Some popular Kibana integrations include:

  • Slack: This popular instant messaging platform uses channels to share information with a group of people or a team. It can be integrated into Elastic and Kibana easily and used to send alerts and enable instant access to valuable information. It can then be configured to periodically check when data goes above or below a certain threshold within a given time interval, after which users are instantly informed of specific data behavior from Kibana.
  • Zendesk: This is a cloud-based customer relationship management (CRM) and customer support platform that provides tools for tracking, prioritizing, and solving customer support tickets. The Zendesk connector provided with Workplace Search automatically captures, syncs, and indexes ticket details like IDs, content, tags, status, priority, and timestamps.
  • Google Workspace: The office productivity platform works seamlessly with Elastic and Kibana. This integration collects and parses data from the different Google Workspace audit reports APIs. Users can keep track of things like users’ successful and failed sign-ins to SAML applications, changes to groups, group memberships, or group messages, view administrator activities performed within the Google Admin console, and much more.
  • Microsoft 365: This integration allows for the collection of logs from the Microsoft productivity platform using Elastic Agent. It supports user, admin, system, and policy actions. It also grabs events from Azure AD activity logs exposed by the Office 365 Management Activity API.

Where can I learn more?

Here is a great video showing how to install, set up, and configure Kibana:

Downloads and trials (FREE)

For those who already have the local infrastructure in place or own a cloud hosting platform subscription, it is all about downloading and installing Elastic Enterprise Search from here.

You can also download Kibana by going here.

But, before you do that, you may want to give it all a spin and try it out. The best way to do that is to sign up for a free trial. You can set up your Elastic base and then configure your Kibana with a hands-on simulation.

On getting started with Kibana

As we have seen in this post, getting started with Kibana is easy. This is due to several reasons, including:

  • The tool was made to be used by users with all levels of tech know-how; it has a low learning curve
  • There are supporting integrations and plugins that help users achieve almost anything they may require – and the list continues to grow
  • Tutorials and knowledge bases are abundant, meaning it is easy to learn anything new about Kibana by performing simple searches for KBs or videos
  • The browser-based interface makes it easy to use as the basics come already provided with any connected device

And there you have it, you are now ready to start with Kibana. We’d like to hear from you; leave us a comment below.
