WARNING: Version 4.4 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Getting Kibana Up and Running
editGetting Kibana Up and Running
editYou can set up Kibana and start exploring your Elasticsearch indices in minutes. All you need is:
- Elasticsearch 2.2 or later
- A modern web browser - Supported Browsers.
-
Information about your Elasticsearch installation:
- URL of the Elasticsearch instance you want to connect to.
- Which Elasticsearch indices you want to search.
If your Elasticsearch installation is protected by Shield see Shield with Kibana 4 for additional setup instructions.
Install and Start Kibana
editTo get Kibana up and running:
- Download the Kibana 4 binary package for your platform.
-
Extract the
.zip
ortar.gz
archive file.
On Unix, you can instead run the package manager suited for your distribution.
Kibana Repositories
editBinary packages for Kibana are available for Unix distributions that support the apt
and yum
tools.We also have
repositories available for APT and YUM based distributions.
Since the packages are created as part of the Kibana build, source packages are not available.
Packages are signed with the PGP key D88E42B4, which has the following fingerprint:
4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4
Installing Kibana with apt-get
edit-
Download and install the Public Signing Key:
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
-
Add the repository definition to your
/etc/apt/sources.list
file:echo "deb http://packages.elastic.co/kibana/4.4/debian stable main" | sudo tee -a /etc/apt/sources.list
Use the
echo
method described above to add the Kibana repository. Do not useadd-apt-repository
, as that command adds adeb-src
entry with no corresponding source package. When thedeb-src
entry, is present, the commands in this procedure generate an error similar to the following:Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)
Delete the
deb-src
entry from the/etc/apt/sources.list
file to clear the error. -
Run
apt-get update
and the repository is ready for use. Install Kibana with the following command:sudo apt-get update && sudo apt-get install kibana
-
Configure Kibana to automatically start during bootup. If your distribution is using the System V version of
init
, run the following command:sudo update-rc.d kibana defaults 95 10
-
If your distribution is using
systemd
, run the following commands instead:sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable kibana.service
Installing Kibana with yum
editThe repositories set up in this procedure are not compatible with distributions using version 3 of rpm
, such
as CentOS version 5.
-
Download and install the public signing key:
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
-
Create a file named
kibana.repo
in the/etc/yum.repos.d/
directory with the following contents:[kibana-4.4] name=Kibana repository for 4.4.x packages baseurl=http://packages.elastic.co/kibana/4.4/centos gpgcheck=1 gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch enabled=1
-
Install Kibana by running the following command:
yum install kibana
Configure Kibana to automatically start during bootup. If your distribution is using the System V version of
init
, run the following command:chkconfig --add kibana
-
If your distribution is using
systemd
, run the following commands instead:sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable kibana.service
After installing, run Kibana from the install directory: bin/kibana
(Linux/MacOSX) or bin\kibana.bat
(Windows).
That’s it! Kibana is now running on port 5601.
Kibana and Elasticsearch Dynamic Mapping
editBy default, Elasticsearch enables dynamic mapping for fields. Kibana needs dynamic mapping
to use fields in visualizations correctly, as well as to manage the .kibana
index where saved searches,
visualizations, and dashboards are stored.
If your Elasticsearch use case requires you to disable dynamic mapping, you need to manually provide mappings for
fields that Kibana uses to create visualizations. You also need to manually enable dynamic mapping for the .kibana
index.
The following procedure assumes that the .kibana
index does not already exist in Elasticsearch and that the
index.mapper.dynamic
setting in elasticsearch.yml
is set to false
:
- Start Elasticsearch.
-
Create the
.kibana
index with dynamic mapping enabled just for that index:PUT .kibana { "index.mapper.dynamic": true }
- Start Kibana and navigate to the web UI and verify that there are no error messages related to dynamic mapping.
Connect Kibana with Elasticsearch
editBefore you can start using Kibana, you need to tell it which Elasticsearch indices you want to explore. The first time you access Kibana, you are prompted to define an index pattern that matches the name of one or more of your indices. That’s it. That’s all you need to configure to start using Kibana. You can add index patterns at any time from the Settings tab.
By default, Kibana connects to the Elasticsearch instance running on localhost
. To connect to a different
Elasticsearch instance, modify the Elasticsearch URL in the kibana.yml
configuration file and restart Kibana. For
information about using Kibana with your production nodes, see Using Kibana in a Production Environment.
To configure the Elasticsearch indices you want to access with Kibana:
-
Point your browser at port 5601 to access the Kibana UI. For example,
localhost:5601
orhttp://YOURDOMAIN.com:5601
. -
Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana
guesses that you’re working with data being fed into Elasticsearch by Logstash. If that’s the case, you can use the
default
logstash-*
as your index pattern. The asterisk (*) matches zero or more characters in an index’s name. If your Elasticsearch indices follow some other naming convention, enter an appropriate pattern. The "pattern" can also simply be the name of a single index. -
Select the index field that contains the timestamp that you want to use to perform time-based comparisons. Kibana reads the index mapping to list all of the fields that contain a timestamp. If your index doesn’t have time-based data, disable the Index contains time-based events option.
Using event times to create index names is deprecated in this release of Kibana. Support for this functionality will be removed entirely in the next major Kibana release. Elasticsearch 2.1 includes sophisticated date parsing APIs that Kibana uses to determine date information, removing the need to specify dates in the index pattern name.
- Click Create to add the index pattern. This first pattern is automatically configured as the default. When you have more than one index pattern, you can designate which one to use as the default from Settings > Indices.
Voila! Kibana is now connected to your Elasticsearch data. Kibana displays a read-only list of fields configured for the matching index.
Start Exploring your Data!
editYou’re ready to dive in to your data:
For a brief tutorial that explores these core Kibana concepts, take a look at the Getting Started page.