- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.17
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- AI Assistant settings
- Alerting and action settings
- APM settings
- Banners settings
- Cases settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboards
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- Search
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- Cases
- Connectors
- Amazon Bedrock
- Cases
- CrowdStrike
- D3 Security
- Google Gemini
- IBM Resilient
- Index
- Jira
- Microsoft Teams
- Observability AI Assistant
- OpenAI
- Opsgenie
- PagerDuty
- SentinelOne
- Server log
- ServiceNow ITSM
- ServiceNow SecOps
- ServiceNow ITOM
- Swimlane
- Slack
- TheHive
- Tines
- Torq
- Webhook
- Webhook - Case Management
- xMatters
- Preconfigured connectors
- License Management
- Maintenance windows
- Manage data views
- Numeral Formatting
- Rollup Jobs
- Manage saved objects
- Security
- Spaces
- Advanced Settings
- Tags
- Upgrade Assistant
- Watcher
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Osquery manager API
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Synthetics APIs
- Uptime APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Upgrade notes
- Kibana 8.17.1
- Kibana 8.17.0
- Kibana 8.16.3
- Kibana 8.16.2
- Kibana 8.16.1
- Kibana 8.16.0
- Kibana 8.15.5
- Kibana 8.15.4
- Kibana 8.15.3
- Kibana 8.15.2
- Kibana 8.15.1
- Kibana 8.15.0
- Kibana 8.14.3
- Kibana 8.14.2
- Kibana 8.14.1
- Kibana 8.14.0
- Kibana 8.13.4
- Kibana 8.13.3
- Kibana 8.13.2
- Kibana 8.13.1
- Kibana 8.13.0
- Kibana 8.12.2
- Kibana 8.12.1
- Kibana 8.12.0
- Kibana 8.11.4
- Kibana 8.11.3
- Kibana 8.11.2
- Kibana 8.11.1
- Kibana 8.11.0
- Kibana 8.10.4
- Kibana 8.10.3
- Kibana 8.10.2
- Kibana 8.10.1
- Kibana 8.10.0
- Kibana 8.9.2
- Kibana 8.9.1
- Kibana 8.9.0
- Kibana 8.8.2
- Kibana 8.8.1
- Kibana 8.8.0
- Kibana 8.7.1
- Kibana 8.7.0
- Kibana 8.6.1
- Kibana 8.6.0
- Kibana 8.5.2
- Kibana 8.5.1
- Kibana 8.5.0
- Kibana 8.4.3
- Kibana 8.4.2
- Kibana 8.4.1
- Kibana 8.4.0
- Kibana 8.3.3
- Kibana 8.3.2
- Kibana 8.3.1
- Kibana 8.3.0
- Kibana 8.2.3
- Kibana 8.2.2
- Kibana 8.2.1
- Kibana 8.2.0
- Kibana 8.1.3
- Kibana 8.1.2
- Kibana 8.1.1
- Kibana 8.1.0
- Kibana 8.0.0
- Kibana 8.0.0-rc2
- Kibana 8.0.0-rc1
- Kibana 8.0.0-beta1
- Kibana 8.0.0-alpha2
- Kibana 8.0.0-alpha1
- Developer guide
Stack Management
editStack Management
editStack Management is home to UIs for managing all things Elastic Stack— indices, clusters, licenses, UI settings, data views, spaces, and more.
Access to individual features is governed by Elasticsearch and Kibana privileges. Consult your administrator if you do not have the appropriate access.
Ingest
editCreate and manage ingest pipelines that let you perform common transformations and enrichments on your data. |
|
Create, edit, and delete your Logstash pipeline configurations. |
Data
editView index settings, mappings, and statistics and perform operations, such as refreshing, flushing, and clearing the cache. Practicing good index management ensures that your data is stored cost effectively. |
|
Create a policy for defining the lifecycle of an index as it ages through the hot, warm, cold, and delete phases. Such policies help you control operation costs because you can put data in different resource tiers. |
|
Define a policy that creates, schedules, and automatically deletes snapshots to ensure that you have backups of your cluster in case something goes wrong. |
|
[8.11.0] Deprecated in 8.11.0. Rollups are deprecated and will be removed in a future version. Use downsampling instead. Create a job that periodically aggregates data from one or more indices, and then rolls it into a new, compact index. Rollup indices are a good way to store months or years of historical data in combination with your raw data. |
|
Use transforms to pivot existing Elasticsearch indices into summarized or entity-centric indices. |
|
Replicate indices on a remote cluster and copy them to a follower index on a local cluster. This is important for disaster recovery. It also keeps data local for faster queries. |
|
Manage your remote clusters for use with cross-cluster search and cross-cluster replication. You can add and remove remote clusters, and check their connectivity. |
Alerts and Insights
editCentrally manage your rules across Kibana. |
|
Create and manage cases to investigate issues. |
|
Create and manage reusable connectors for triggering actions. |
|
Monitor the generation of reports—PDF, PNG, and CSV—and download reports that you previously generated. A report can contain a dashboard, visualization, saved search, or Canvas workpad. |
|
Machine Learning Jobs |
View, export, and import your anomaly detection and data frame analytics jobs. Open the Single Metric Viewer or Anomaly Explorer to see your anomaly detection results. |
Detect changes in your data by creating, managing, and monitoring alerts. For example, you might create an alert when the maximum total CPU usage on a machine goes above a certain percentage. |
|
Suppress rule notifications for scheduled periods of time. |
Security
editView the users that have been defined on your cluster. Add or delete users and assign roles that give users specific privileges. |
|
View the roles that exist on your cluster. Customize the actions that a user with the role can perform, on a cluster, index, and space level. |
|
Create secondary credentials so that you can send requests on behalf of the user. Secondary credentials have the same or lower access rights. |
|
Assign roles to your users using a set of rules. Role mappings are required when authenticating via an external identity provider, such as Active Directory, Kerberos, PKI, OIDC, and SAML. |
Kibana
editManage the fields in the data views that retrieve your data from Elasticsearch. |
|
Copy, edit, delete, import, and export your saved objects. These include dashboards, visualizations, maps, data views, Canvas workpads, and more. |
|
Create, manage, and assign tags to your saved objects. |
|
Manage your saved search sessions, groups of queries that run in the background. Search sessions are useful when your queries take longer than usual to process, for example, when you have a large volume of data or when the performance of your storage location is slow. |
|
Create spaces to organize your dashboards and other saved objects into categories. A space is isolated from all other spaces, so you can tailor it to your needs without impacting others. |
|
Customize Kibana to suit your needs. Change the format for displaying dates, turn on dark mode, set the timespan for notification messages, and much more. |
Stack
editView the status of your license, start a trial, or install a new license. For the full list of features that are included in your license, see the subscription page. |