- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.17
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- AI Assistant settings
- Alerting and action settings
- APM settings
- Banners settings
- Cases settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboards
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- Search
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- Cases
- Connectors
- Amazon Bedrock
- Cases
- CrowdStrike
- D3 Security
- Google Gemini
- IBM Resilient
- Index
- Jira
- Microsoft Teams
- Observability AI Assistant
- OpenAI
- Opsgenie
- PagerDuty
- SentinelOne
- Server log
- ServiceNow ITSM
- ServiceNow SecOps
- ServiceNow ITOM
- Swimlane
- Slack
- TheHive
- Tines
- Torq
- Webhook
- Webhook - Case Management
- xMatters
- Preconfigured connectors
- License Management
- Maintenance windows
- Manage data views
- Numeral Formatting
- Rollup Jobs
- Manage saved objects
- Security
- Spaces
- Advanced Settings
- Tags
- Upgrade Assistant
- Watcher
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Osquery manager API
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Synthetics APIs
- Uptime APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Upgrade notes
- Kibana 8.17.1
- Kibana 8.17.0
- Kibana 8.16.3
- Kibana 8.16.2
- Kibana 8.16.1
- Kibana 8.16.0
- Kibana 8.15.5
- Kibana 8.15.4
- Kibana 8.15.3
- Kibana 8.15.2
- Kibana 8.15.1
- Kibana 8.15.0
- Kibana 8.14.3
- Kibana 8.14.2
- Kibana 8.14.1
- Kibana 8.14.0
- Kibana 8.13.4
- Kibana 8.13.3
- Kibana 8.13.2
- Kibana 8.13.1
- Kibana 8.13.0
- Kibana 8.12.2
- Kibana 8.12.1
- Kibana 8.12.0
- Kibana 8.11.4
- Kibana 8.11.3
- Kibana 8.11.2
- Kibana 8.11.1
- Kibana 8.11.0
- Kibana 8.10.4
- Kibana 8.10.3
- Kibana 8.10.2
- Kibana 8.10.1
- Kibana 8.10.0
- Kibana 8.9.2
- Kibana 8.9.1
- Kibana 8.9.0
- Kibana 8.8.2
- Kibana 8.8.1
- Kibana 8.8.0
- Kibana 8.7.1
- Kibana 8.7.0
- Kibana 8.6.1
- Kibana 8.6.0
- Kibana 8.5.2
- Kibana 8.5.1
- Kibana 8.5.0
- Kibana 8.4.3
- Kibana 8.4.2
- Kibana 8.4.1
- Kibana 8.4.0
- Kibana 8.3.3
- Kibana 8.3.2
- Kibana 8.3.1
- Kibana 8.3.0
- Kibana 8.2.3
- Kibana 8.2.2
- Kibana 8.2.1
- Kibana 8.2.0
- Kibana 8.1.3
- Kibana 8.1.2
- Kibana 8.1.1
- Kibana 8.1.0
- Kibana 8.0.0
- Kibana 8.0.0-rc2
- Kibana 8.0.0-rc1
- Kibana 8.0.0-beta1
- Kibana 8.0.0-alpha2
- Kibana 8.0.0-alpha1
- Developer guide
Install Kibana with Docker
editInstall Kibana with Docker
editDocker images for Kibana are available from the Elastic Docker registry. The base image is ubuntu:20.04.
A list of all published Docker images and tags is available at www.docker.elastic.co. The source code is in GitHub.
These images contain both free and subscription features. Start a 30-day trial to try out all of the features.
Run Kibana in Docker for development
editUse Docker commands to run Kibana on a single-node Elasticsearch cluster for development or testing.
This setup doesn’t run multiple Elasticsearch nodes by default. To create a multi-node cluster with Kibana, use Docker Compose instead. Refer to Start a multi-node cluster with Docker Compose in the Elasticsearch documentation.
Hardened Docker images
editYou can also use the hardened Wolfi image for additional security. Using Wolfi images requires Docker version 20.10.10 or higher.
To use the Wolfi image, append -wolfi
to the image tag in the Docker command.
For example:
docker pull docker.elastic.co/elasticsearch/elasticsearch-wolfi:8.17.0
Start a single node cluster
edit-
Install Docker. Visit Get Docker to install Docker for your environment.
If using Docker Desktop, make sure to allocate at least 4GB of memory. You can adjust memory usage in Docker Desktop by going to Settings > Resources.
-
Create a new Docker network for Elasticsearch and Kibana.
docker network create elastic
-
Pull the Elasticsearch Docker image.
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.17.0
-
Optional: Install Cosign for your environment. Then use Cosign to verify the Elasticsearch image’s signature.
wget https://artifacts.elastic.co/cosign.pub cosign verify --key cosign.pub docker.elastic.co/elasticsearch/elasticsearch:8.17.0
The
cosign
command prints the check results and the signature payload in JSON format:Verification for docker.elastic.co/elasticsearch/elasticsearch:8.17.0 -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The signatures were verified against the specified public key
-
Start an Elasticsearch container.
docker run --name es01 --net elastic -p 9200:9200 -it -m 1GB docker.elastic.co/elasticsearch/elasticsearch:8.17.0
Use the
-m
flag to set a memory limit for the container. This removes the need to manually set the JVM size.The command prints the
elastic
user password and an enrollment token for Kibana. -
Copy the generated
elastic
password and enrollment token. These credentials are only shown when you start Elasticsearch for the first time. You can regenerate the credentials using the following commands.docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
-
Pull the Kibana Docker image.
docker pull docker.elastic.co/kibana/kibana:8.17.0
-
Optional: Verify the Kibana image’s signature.
wget https://artifacts.elastic.co/cosign.pub cosign verify --key cosign.pub docker.elastic.co/kibana/kibana:8.17.0
-
Start a Kibana container.
docker run --name kib01 --net elastic -p 5601:5601 docker.elastic.co/kibana/kibana:8.17.0
- When Kibana starts, it outputs a unique generated link to the terminal. To access Kibana, open this link in a web browser.
-
In your browser, enter the enrollment token that was generated when you started Elasticsearch.
To regenerate the token, run:
docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
-
Log in to Kibana as the
elastic
user with the password that was generated when you started Elasticsearch.To regenerate the password, run:
docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
Remove Docker containers
editTo remove the containers and their network, run:
# Remove the Elastic network docker network rm elastic # Remove the Elasticsearch container docker rm es01 # Remove the Kibana container docker rm kib01
Configure Kibana on Docker
editThe Docker images provide several methods for configuring Kibana. The
conventional approach is to provide a kibana.yml
file as described in
Configuring Kibana, but it’s also possible to use
environment variables to define settings.
Bind-mounted configuration
editOne way to configure Kibana on Docker is to provide kibana.yml
via bind-mounting.
With docker-compose
, the bind-mount can be specified like this:
version: '2' services: kibana: image: docker.elastic.co/kibana/kibana:8.17.0 volumes: - ./kibana.yml:/usr/share/kibana/config/kibana.yml
Persist the Kibana keystore
editBy default, Kibana auto-generates a keystore file for secure settings at startup. To persist your secure settings, use the kibana-keystore
utility to bind-mount the parent directory of the keystore to the container. For example:
docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data docker.elastic.co/kibana/kibana:8.17.0 bin/kibana-keystore create docker run -it --rm -v full_path_to/config:/usr/share/kibana/config -v full_path_to/data:/usr/share/kibana/data docker.elastic.co/kibana/kibana:8.17.0 bin/kibana-keystore add test_keystore_setting
Environment variable configuration
editUnder Docker, Kibana can be configured via environment variables. When the container starts, a helper process checks the environment for variables that can be mapped to Kibana command-line arguments.
For compatibility with container orchestration systems, these environment variables are written in all capitals, with underscores as word separators. The helper translates these names to valid Kibana setting names.
All information that you include in environment variables is visible through the ps
command, including sensitive information.
Some example translations are shown here:
Table 1. Example Docker Environment Variables
Environment Variable |
Kibana Setting |
|
|
|
|
|
|
In general, any setting listed in Configure Kibana can be configured with this technique.
Supplying array options can be tricky. The following example shows the syntax for providing an array to ELASTICSEARCH_HOSTS
.
These variables can be set with docker-compose
like this:
version: '2' services: kibana: image: docker.elastic.co/kibana/kibana:8.17.0 environment: SERVER_NAME: kibana.example.org ELASTICSEARCH_HOSTS: '["http://es01:9200","http://es02:9200","http://es03:9200"]'
Since environment variables are translated to CLI arguments, they take
precedence over settings configured in kibana.yml
.
Docker defaults
editThe following settings have different default values when using the Docker images:
|
|
|
|
|
|
|
|
These settings are defined in the default kibana.yml
. They can be overridden
with a custom kibana.yml
or via
environment variables.
If replacing kibana.yml
with a custom version, be sure to copy the
defaults to the custom file if you want to retain them. If not, they will
be "masked" by the new file.
On this page
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now