Getting Kibana Up and Running

edit

Getting Kibana Up and Running

edit

You can set up Kibana and start exploring your Elasticsearch indices in minutes. All you need is:

  • Elasticsearch 2.2 or later
  • A modern web browser - Supported Browsers.
  • Information about your Elasticsearch installation:

    • URL of the Elasticsearch instance you want to connect to.
    • Which Elasticsearch indices you want to search.

If your Elasticsearch installation is protected by Shield see Shield with Kibana 4 for additional setup instructions.

Install and Start Kibana

edit

To get Kibana up and running:

  1. Download the Kibana 4 binary package for your platform.
  2. Extract the .zip or tar.gz archive file.

On Unix, you can instead run the package manager suited for your distribution.

Kibana Repositories

edit

Binary packages for Kibana are available for Unix distributions that support the apt and yum tools.We also have repositories available for APT and YUM based distributions.

Since the packages are created as part of the Kibana build, source packages are not available.

Packages are signed with the PGP key D88E42B4, which has the following fingerprint:

4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4
Installing Kibana with apt-get
edit
  1. Download and install the Public Signing Key:

    wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  2. Add the repository definition to your /etc/apt/sources.list file:

    echo "deb http://packages.elastic.co/kibana/4.4/debian stable main" | sudo tee -a /etc/apt/sources.list

    Use the echo method described above to add the Kibana repository. Do not use add-apt-repository, as that command adds a deb-src entry with no corresponding source package. When the deb-src entry, is present, the commands in this procedure generate an error similar to the following:

    Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)

    Delete the deb-src entry from the /etc/apt/sources.list file to clear the error.

  3. Run apt-get update and the repository is ready for use. Install Kibana with the following command:

    sudo apt-get update && sudo apt-get install kibana
  4. Configure Kibana to automatically start during bootup. If your distribution is using the System V version of init, run the following command:

    sudo update-rc.d kibana defaults 95 10
  5. If your distribution is using systemd, run the following commands instead:

    sudo /bin/systemctl daemon-reload
    sudo /bin/systemctl enable kibana.service
Installing Kibana with yum
edit

The repositories set up in this procedure are not compatible with distributions using version 3 of rpm, such as CentOS version 5.

  1. Download and install the public signing key:

    rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
  2. Create a file named kibana.repo in the /etc/yum.repos.d/ directory with the following contents:

    [kibana-4.4]
    name=Kibana repository for 4.4.x packages
    baseurl=http://packages.elastic.co/kibana/4.4/centos
    gpgcheck=1
    gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
    enabled=1
  3. Install Kibana by running the following command:

    yum install kibana

    Configure Kibana to automatically start during bootup. If your distribution is using the System V version of init, run the following command:

    chkconfig --add kibana
  4. If your distribution is using systemd, run the following commands instead:

    sudo /bin/systemctl daemon-reload
    sudo /bin/systemctl enable kibana.service

After installing, run Kibana from the install directory: bin/kibana (Linux/MacOSX) or bin\kibana.bat (Windows).

That’s it! Kibana is now running on port 5601.

Kibana and Elasticsearch Dynamic Mapping

edit

By default, Elasticsearch enables dynamic mapping for fields. Kibana needs dynamic mapping to use fields in visualizations correctly, as well as to manage the .kibana index where saved searches, visualizations, and dashboards are stored.

If your Elasticsearch use case requires you to disable dynamic mapping, you need to manually provide mappings for fields that Kibana uses to create visualizations. You also need to manually enable dynamic mapping for the .kibana index.

The following procedure assumes that the .kibana index does not already exist in Elasticsearch and that the index.mapper.dynamic setting in elasticsearch.yml is set to false:

  1. Start Elasticsearch.
  2. Create the .kibana index with dynamic mapping enabled just for that index:

    PUT .kibana
    {
    	"index.mapper.dynamic": true
    }
  3. Start Kibana and navigate to the web UI and verify that there are no error messages related to dynamic mapping.

Connect Kibana with Elasticsearch

edit

Before you can start using Kibana, you need to tell it which Elasticsearch indices you want to explore. The first time you access Kibana, you are prompted to define an index pattern that matches the name of one or more of your indices. That’s it. That’s all you need to configure to start using Kibana. You can add index patterns at any time from the Settings tab.

By default, Kibana connects to the Elasticsearch instance running on localhost. To connect to a different Elasticsearch instance, modify the Elasticsearch URL in the kibana.yml configuration file and restart Kibana. For information about using Kibana with your production nodes, see Using Kibana in a Production Environment.

To configure the Elasticsearch indices you want to access with Kibana:

  1. Point your browser at port 5601 to access the Kibana UI. For example, localhost:5601 or http://YOURDOMAIN.com:5601.

    Kibana start page

  2. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you’re working with data being fed into Elasticsearch by Logstash. If that’s the case, you can use the default logstash-* as your index pattern. The asterisk (*) matches zero or more characters in an index’s name. If your Elasticsearch indices follow some other naming convention, enter an appropriate pattern. The "pattern" can also simply be the name of a single index.
  3. Select the index field that contains the timestamp that you want to use to perform time-based comparisons. Kibana reads the index mapping to list all of the fields that contain a timestamp. If your index doesn’t have time-based data, disable the Index contains time-based events option.

    Using event times to create index names is deprecated in this release of Kibana. Support for this functionality will be removed entirely in the next major Kibana release. Elasticsearch 2.1 includes sophisticated date parsing APIs that Kibana uses to determine date information, removing the need to specify dates in the index pattern name.

  4. Click Create to add the index pattern. This first pattern is automatically configured as the default. When you have more than one index pattern, you can designate which one to use as the default from Settings > Indices.

Voila! Kibana is now connected to your Elasticsearch data. Kibana displays a read-only list of fields configured for the matching index.

Start Exploring your Data!

edit

You’re ready to dive in to your data:

  • Search and browse your data interactively from the Discover page.
  • Chart and map your data from the Visualize page.
  • Create and view custom dashboards from the Dashboard page.

For a brief tutorial that explores these core Kibana concepts, take a look at the Getting Started page.