2.8K

Kibana is an open-source analytics and visualization platform designed to work with Elasticsearch. It enables users to search, analyze, monitor, and visualize log and time-series data through interactive dashboards, charts, and graphs.

Kibana acts as the visualization layer of the ELK Stack (Elasticsearch, Logstash, Kibana), allowing teams to transform raw machine data into meaningful insights.

What is Kibana?

Kibana is a web-based interface used for:

• Log analysis and monitoring
• Application performance tracking
• Data visualization and reporting
• Real-time analytics
• Creating dashboards and charts

It communicates directly with data stored in Elasticsearch indices and presents information visually using charts, maps, graphs, and dashboards.

Kibana can be deployed:

• On-premises servers
• Cloud environments such as Amazon EC2
• Managed Elasticsearch services

Prerequisites

Before installing Kibana, ensure the following:

• Elasticsearch 2.3 or later
• Java (OpenJDK or Oracle JDK)
• Linux Server (CentOS 7 x64 recommended)
• A modern web browser

Example cluster setup:

192.168.0.XX   node1
192.168.0.YY   node2
192.168.0.ZZ   node3

All servers should communicate using both hostname and IP address.

Installing Java

Install OpenJDK:

yum install -y java

Verify installation:

java -version

Installing Elasticsearch

Create repository file:

/etc/yum.repos.d/elasticsearch.repo

Add:

[elasticsearch-2.x]
name=Elasticsearch repository
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

Install Elasticsearch:

yum install elasticsearch -y

Configuring Elasticsearch Cluster

Configuration files are located in:

/etc/elasticsearch/

Important files:

• elasticsearch.yml — Main configuration
• logging.yml — Logging settings

Example Node Configuration

Node 1 (Master Node)

node.name: node1
cluster.name: cluster1
node.master: true
network.host: 0.0.0.0
node.data: true
discovery.zen.ping.unicast.hosts: ["node1","node2","node3"]
index.number_of_shards: 5
index.number_of_replicas: 1

Node 2 & Node 3

node.master: false
node.data: true

Important Configuration Parameters

Setting	Description
node.name	Unique node identifier
cluster.name	Cluster group name
network.host	Allows nodes to communicate
node.master	Determines master node
node.data	Stores index data
unicast.hosts	Helps nodes discover cluster

Starting Elasticsearch

Start service:

/etc/init.d/elasticsearch start

Verify node status:

curl localhost:9200

Check cluster health:

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

Cluster statuses:

• Green — Fully operational
• Yellow — Replicas missing
• Red — Cluster failure

Installing Kibana

Import signing key:

rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Create repository file:

/etc/yum.repos.d/kibana.repo

Add:

[kibana-4.5]
name=Kibana repository
baseurl=http://packages.elastic.co/kibana/4.5/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

Install Kibana:

yum install kibana

Enable startup:

chkconfig --add kibana

Start Kibana:

/etc/init.d/kibana start

Access Kibana:

http://server-ip:5601
http://localhost:5601
http://yourdomain.com:5601

Understanding Kibana Interface

Kibana contains four major sections:

1. Discover
2. Visualize
3. Dashboard
4. Settings

1. Kibana Discover

The Discover page allows users to explore and search logs collected by Logstash and stored in Elasticsearch.

Key Elements

• Search Bar — Query logs or fields
• Time Filter — Filter logs by time range
• Field Selector — Customize visible fields
• Date Histogram — Log count over time
• Log View — View individual log entries

This section is primarily used for real-time log exploration.

2. Kibana Visualize

The Visualize section helps create custom visual representations of data.

Supported visualizations include:

• Bar charts
• Line charts
• Pie charts
• Data tables
• Tile maps

Steps to Create a Visualization

1. Click Visualize
2. Select visualization type
3. Choose or create search source
4. Add X-Axis bucket
5. Select Date Histogram
6. Apply aggregation
7. Add sub-aggregations if required
8. Save visualization

Example aggregation:

• Split Bars → Significant Terms → clientip.raw

3. Kibana Dashboard

Dashboards combine multiple visualizations into a single interactive view.

Creating a Dashboard

1. Click New Dashboard
2. Add visualizations
3. Rearrange and resize widgets
4. Apply filters or time ranges
5. Save dashboard

Dashboards help teams monitor logs, detect issues, and analyze trends efficiently.

4. Kibana Settings

The Settings section manages configuration and saved objects.

Reload Field Data

If new fields are added to Logstash data:

Settings → logstash-* → Reload Field List

Object Management

You can:

• Edit dashboards
• Delete visualizations
• Manage saved searches

How Kibana Works with Elasticsearch ?

1. Elasticsearch stores indexed data.
2. Kibana queries Elasticsearch.
3. Data is displayed as charts, dashboards, and visual analytics.

Together they provide powerful observability and monitoring capabilities.

Key Benefits of Kibana

• Real-time log monitoring
• Interactive dashboards
• Easy data exploration
• Centralized analytics
• Scalable visualization platform
• Cloud and on-prem deployment support

( Screenshots available )

 

Frequently Asked Questions (FAQ)

1. What is Kibana used for?

Kibana is used to search, analyze, and visualize data stored in Elasticsearch through dashboards and charts.

2. What are the main features of Kibana?

Discover, Visualize, Dashboard, and Settings.

3. What are the prerequisites for Elasticsearch installation?

Linux server, Java installation, and proper network connectivity between nodes.

4. How do I check Elasticsearch cluster status?

Run:

curl -XGET http://localhost:9200/_cluster/health?pretty=true

5. What does a green cluster status mean?

All primary and replica shards are allocated and the cluster is fully operational.

6. Can Kibana run on cloud and on-premises?

Yes. Kibana supports both local deployments and cloud platforms like Amazon EC2.

7. How do I access Kibana Dashboard?

Open:

http://server-ip:5601

If you require help, contact SupportPRO Server Admin