Kibana features

Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do things like quickly find out why you're getting paged at 2:00 a.m. and predict the impact of rain on this quarter's numbers.

Explore and visualize

Visualizations

Your data has a compelling story. How will you best display it? Charts, tables, maps, and other tools in Kibana all stand at the ready for live expression of your data.

Kibana Lens

Kibana Lens is an easy-to-use, intuitive UI that simplifies the process of data visualization through a drag-and-drop experience. Whether you're exploring billions of logs or spotting trends from your website traffic, Lens gets you from data to insights in just a few clicks — no prior experience in Kibana required.

Learn about Kibana Lens

Time Series Visual Builder

Using the full power of the Elasticsearch aggregation framework, Time Series Visual Builder (TSVB) is a time series data visualizer that combines an infinite number of aggregations and pipeline aggregations to display complex data in a meaningful way.

Learn about TSVB

Geospatial analysis

"Where" is a critical question for many users of the Elastic Stack. Whether you're protecting your network from attackers, investigating slow application response times in specific locations, or simply hailing a ride home, geo data and search play an important role.

Learn about geospatial analysis and maps

Charts

Line, area, and bar charts allow you to plot your data on an X/Y axis. A heat map is a graphical representation of data where the individual values contained in a matrix are represented as colors or gradients. And pie charts can also double as donut charts, displaying as a sliced ring instead of a sliced pie.

Learn more about chart visualizations

Metrics

A metric visualization displays a single number for each aggregation. Display metrics for count, average, sum, min/max, standard deviation, percentiles, and more.

Learn about metric visualizations

Data tables

Data table displays are one of the most common ways to express your data. Configure your data tables to capture a moment in time, or sync with your live data for a dynamic, up-to-date look at what's going on.

Learn about data tables

Vega (custom)

Vega and Vega-Lite allow for custom visualizations without the need for JavaScript. Build out visualizations (either standalone or on top of a map) in Kibana with data from a single Elasticsearch query or multiple data sources.

Learn about custom Vega visualizations

Kibana plugins

Add even more functionality to Kibana with community-driven plugin modules. Open source plugins are available for a variety of apps, extensions, visualizations, and more. Plugins include:

  • Vega visualizations
  • Prometheus exporter
  • 3D charts and graphs
  • Calendar visualizations
  • And many more

Explore the available Kibana plugins

Canvas

Canvas is a whole new way of making data look amazing. Canvas combines data with colors, shapes, text, and your own imagination to bring dynamic, multi-page, pixel-perfect data displays to screens large and small.

Read about Canvas

User Experience

User Experience data reflects real-world user experiences. Quantify and analyze the perceived performance of your web application.

Learn more about the User Experience app

Kibana runtime fields editor

The Kibana runtime fields editor uses the Elasticsearch functionality for runtime fields to give analysts access to adding their own custom fields on the fly. From Index Patterns, Discover, and Kibana Lens, this editor is available to create, edit, or remove runtime fields.

Learn more about the Kibana runtime fields editor

Data exploration

Built-in Kibana dashboards encourage exploration and visualization of your network flow data the moment you process events. Set up some filters and start drilling down to gain deeper insight into your data.

Dashboards

A Kibana dashboard displays a collection of visualizations and searches. You can arrange, resize, and edit the dashboard content and then save the dashboard so you can share it. You can create custom drilldowns between multiple dashboards or even out to web applications to drive action and decision making.

Learn about dashboards in Kibana

Discover

Discover enables you to explore your data with Kibana's data discovery functions. You have access to every document in every index that matches the selected index pattern. You can submit search queries, filter the search results, and view document data. You can also see the number of documents that match the search query and get field value statistics. If a time field is configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the top of the page.

Learn about Discover

Field statistics

Field statistics is a tab in Discover that shows a breakdown of fields, values, and data distributions via handy visualizations and statistics for each field in your index. Look for completeness of your data, spot outliers, understand the distribution of values, and gain a holistic view.

Learn about field statistics

Console interface

In Console, one of the Dev Tools in Kibana, you can compose requests to send to Elasticsearch in a cURL-like syntax and view responses to your requests.

Learn about Console

Graph analytics

The graph analytics features enable you to discover how items in an Elasticsearch index are related. You can explore the connections between indexed terms and see which connections are the most meaningful. This can be useful in a variety of applications, from fraud detection to recommendation engines.

Learn about graph analytics

Preconfigured dashboards

When the Elastic Stack is used to analyze logs and metrics, you can take advantage of a wide variety of preconfigured dashboards for many common data sources. Use Kibana like a pro right from the start.

Web server modules

Example dashboards — Apache, NGINX, IIS, HAProxy, and more — make it easy for you to start monitoring your web server log data and system metrics in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.

Database modules

Example dashboards — for MySQL, MongoDB, PostgreSQL, Microsoft SQL, and more — make it easy for you to start monitoring database and queuing system log data and system metrics in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.

Infrastructure modules

Example dashboards — system, Kubernetes, Docker, Windows, auditd, journald, and more — make it easy for you to start monitoring your servers in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.

Read about infrastructure monitoring

Share and collaborate

Easily share Kibana visualizations with your team members, your boss, their boss, your customers, compliance managers, contractors (anyone you like, really) using the sharing option that works for you. Embed a dashboard, share a link, or export to PDF, PNG, or CSV files and send as an attachment. Or organize your dashboards and visualizations into Kibana spaces.

Embeddable dashboards

From Kibana, you can easily share a direct link to a Kibana dashboard, or embed the dashboard in a web page as an iframe — either as a live dashboard or a static snapshot of the current point in time.

Learn about embedding and sharing dashboards

Dashboard-only mode

Use the kibana_dashboard_only_user built-in role to limit what users see when they log in to Kibana. The kibana_dashboard_only_user role is preconfigured with read-only permissions to Kibana. When users open a dashboard, they will have a limited visual experience. All edit and create controls are hidden.

Learn about dashboard-only mode

Spaces

With Spaces in Kibana, you can organize your dashboards and other saved objects into meaningful categories. Once you're in a specific space, you will only see the dashboards and other saved objects that belong to it. And with security enabled, you can control which users have access to individual spaces, giving you an extra layer of protection.

Learn about Spaces

PDF/PNG reports

Quickly generate reports of any Kibana visualization or dashboard and save them to PDF or PNG. Get a report on demand, schedule it for later, trigger it based on specified conditions, and automatically share it with others.

Read about reporting

Custom banners for Kibana Spaces

Custom banners help to differentiate Kibana Spaces for different roles, teams, functions, and more. Tailor specific announcements and messages to individual Kibana Spaces, and help users quickly identify which Space they’re in.

Learn more about custom banners for Kibana Spaces

CSV exports

Export saved searches in Discover to CSV files for use with external text editors.

Learn about exporting saved searches

Saved objects import/export

View, edit, delete, import, and export saved objects right from Kibana. A saved object can be a search, visualization, dashboard, or index pattern.

Learn about saved objects

Tags

Easily create tags and add them to dashboards and visualizations for efficient content management.

Machine learning

Elastic machine learning features automatically model the behavior of your Elasticsearch data — trends, periodicity, and more — in real time to identify issues faster, streamline root cause analysis, and reduce false positives.

Forecasting on time series

After Elastic machine learning creates baselines of normal behavior for your data, you can use that information to extrapolate future behavior. Then create a forecast to estimate a time series value at a specific future date or estimate the probability of a time series value occurring in the future.

Learn about forecasting

Anomaly detection on time series

Elastic machine learning features automate the analysis of time series data by creating accurate baselines of normal behavior in the data and identifying anomalous patterns in that data. Anomalies are detected, scored, and linked with statistically significant influencers in the data using proprietary machine learning algorithms.

  • Anomalies related to temporal deviations in values, counts, or frequencies
  • Statistical rarity
  • Unusual behaviors for a member of a population

Learn about anomaly detection

Alerting on anomalies

For changes that are harder to define with rules and thresholds, combine alerting with unsupervised machine learning features to find the unusual behavior. Then use the anomaly scores in the alerting framework to get notified when problems arise.

Read about alerting

Population/entity analysis

Use Elastic machine learning features to build a profile of what a "typical" user, machine, or other entity does over a specified time period and then identify outliers when they behave abnormally compared to the population.

Learn about population/entity analysis

Log message categorization

Application log events are often unstructured and contain variable data. Elastic machine learning features observe the static parts of the message, cluster similar messages together, and classify them into message categories.

Learn about log message categorization

Root cause indication

Once an anomaly is detected, Elastic machine learning features make it easy to identify the properties that significantly influenced it. For instance, if there's an unusual drop in transactions, you can quickly identify the failing server or misconfigured switch causing the problem.

Learn about root cause indication

Data Visualizer

Data Visualizer helps you better understand your Elasticsearch data and identify possible fields for machine learning analysis by analyzing the metrics and fields in a log file or an existing index.

Learn about Data Visualizer

Inference

Inference enables you to use supervised machine learning processes – like regression or classification – not only as a batch analysis but in a continuous fashion. Inference makes it possible to use trained machine learning models against incoming data.

Learn about inference

Language identification

Language identification is a trained model that you can use to determine the language of text. You can reference the language identification model in an inference processor.

Learn about language identification

Model snapshot management

Quickly revert a model back to a desired snapshot in case of an unplanned system outage or other event causing misleading results in anomaly detection.

Learn more about model snapshots

Management and monitoring

Security

The security features of the Elastic Stack give the right access to the right people. IT, operations, and application teams rely on these features to manage well-intentioned users and keep malicious actors at bay, while executives and customers can rest easy knowing data stored in the Elastic Stack is safe and secure.

Secure Spaces

With Spaces in Kibana, you can organize your dashboards and other saved objects into meaningful categories. Once you're in a specific space, you will only see the dashboards and other saved objects that belong to it. And with security enabled, you can control which users have access to individual spaces, giving you an extra layer of protection.

Learn about Spaces

Encrypted communications

Network-based attacks on Elasticsearch node data can be thwarted through traffic encryption using SSL/TLS, node authentication certificates, and more.

Learn about encrypting communications

Role-based access control (RBAC)

Role-based access control (RBAC) enables you to authorize users by assigning privileges to roles and assigning roles to users or groups.

Learn about RBAC

Anonymous access control (for public sharing)

From maps to dashboards to literally any Kibana saved object, you can now create specialized links that let anyone access an asset without being prompted for credentials.

Learn about anonymous access

Field- and document-level security

Field-level security restricts the fields that users have read access to. In particular, it restricts which fields can be accessed from document-based read APIs.

Learn about field-level security

Document-level security restricts the documents that users have read access to. In particular, it restricts which documents can be accessed from document-based read APIs.

Learn about document-level security

Security realms

The security features of the Elastic Stack authenticate users by using realms and one or more token-based authentication services. A realm is used to resolve and authenticate users based on authentication tokens. The security features provide a number of built-in realms.

Learn about security realms

Single sign-on (SSO)

The Elastic Stack supports SAML single sign-on (SSO) into Kibana, using Elasticsearch as a backend service. SAML authentication allows users to log in to Kibana with an external identity provider, such as Okta or Auth0.

Learn about SSO

Security APIs

The role management API allows you to manage roles that grant Kibana privileges. These endpoints cannot be accessed via the Console in Kibana.

Learn about the role management API

Management

The Elastic Stack comes with a variety of management tools, UIs, and APIs to allow full control over data, users, cluster operations, and more.

Dark theme

Kibana defaults to a light theme, but can easily be switched to a dark theme at the space level. Pick the mode that works best for you (and your eyes).

Index patterns

An index pattern identifies one or more Elasticsearch indices that you want to explore with Kibana. Kibana looks for index names that match the specified pattern. An asterisk (*) in the pattern matches zero or more characters. For example, the pattern myindex-* matches all indices whose names start with myindex-, such as myindex-1 and myindex-2.

Learn about index patterns

Index lifecycle management

Index lifecycle management (ILM) lets the user define and automate policies to control how long an index should live in each of four phases, as well as the set of actions to be taken on the index during each phase. This allows for better control of cost of operation, as data can be put in different resource tiers.

  • Hot: actively updated and queried
  • Warm: no longer updated, but still queried
  • Cold/Frozen: no longer updated and seldom queried (search is possible, but slower)
  • Delete: no longer needed

Learn about ILM

Snapshot lifecycle management

As a background snapshot manager, snapshot lifecycle management (SLM) APIs allow administrators to define the cadence with which to take snapshots of an Elasticsearch cluster. With a dedicated UI, SLM empowers users to configure retention for SLM policies and create, schedule, and delete snapshots automatically — ensuring that appropriate backups of a given cluster are taken on a frequent enough basis to be able to restore in compliance with customer SLAs.

Learn about SLM

Data rollup management

In Kibana, you'll find a UI for viewing, creating, starting, stopping, and deleting rollup jobs. A rollup job is a periodic task that summarizes data from Elasticsearch indices specified by an index pattern and rolls it into a new index.

Learn about rollup management

User and role management

Create and manage users and roles via API or from Management within Kibana.

Learn about user/role management

Upgrade Assistant UI

The Upgrade Assistant UI helps you prepare your upgrade to the most recent version of the Elastic Stack. Within the UI, the assistant identifies the deprecated settings in your cluster and indices, guiding you through the process of resolving issues — including reindexing.

Learn about the Upgrade Assistant

Upgrade Assistant API

The Upgrade Assistant API allows you to check the upgrade status of your Elasticsearch cluster and reindex indices that were created in the previous major version. The assistant helps you prepare for the next major version of Elasticsearch.

Learn about the Upgrade Assistant API

Saved objects UI

View, edit, delete, import, and export saved objects right from Kibana. A saved object can be a search, visualization, dashboard, or index pattern.

Learn about saved objects

Saved objects API

The saved objects API allows you to manage Kibana saved objects, including but not limited to dashboards, visualizations, and index patterns. These endpoints cannot be accessed via the Console in Kibana.

Learn about the saved objects API

Data import tutorial

With our easy-to-follow tutorial, learn to load a data set into Elasticsearch, define an index pattern, discover and explore the data, create visualizations and dashboards, and more.

Learn about the data import tutorial

License management

When you install Kibana, it generates a Basic license with no expiration date. Go to Management > License Management to view the status of your license, start a 30-day trial, or install a new license. You can activate a 30-day trial license with just a click to try out the full set of Platinum features, including machine learning, advanced security, graph capabilities, and more.

Learn about license management

Localized UI

Interfaces are available for English, Japanese, and Simplified Chinese right out of the box, and the localization framework within Kibana means more languages can be added in the future.

Learn about UI localization

Transforms

Transforms are two-dimensional, tabular data structures that make indexed data more digestible. Transforms perform aggregations that pivot your data into a new entity-centric index. By transforming and summarizing your data, it becomes possible to visualize and analyze it in alternative ways, including as a source for other machine learning analytics.

Learn about transforms

Monitoring

Elastic Stack monitoring features provide you visibility into how your Elastic Stack is running. Keep a pulse on how it's performing to make sure you're getting the most out of it.

Full stack monitoring

The monitoring features of the Elastic Stack give you insight into the operation of Elasticsearch, Logstash, and Kibana. All of the monitoring metrics are stored in Elasticsearch, which enables you to easily visualize the data from Kibana.

Learn about monitoring the Elastic Stack

Configurable retention policy

With the Elastic Stack, you can control how long you hold onto monitoring data. The default is 7 days, but you can change that to anything you want.

Learn about retention policies

Automatic alerts on stack issues

With Elastic Stack alerting features, you can get notified automatically of changes in your cluster — cluster state, license expiration, and other metrics across Elasticsearch, Kibana, and Logstash.

Learn about automatic stack alerting

Alerting

The alerting features of the Elastic Stack give you the full power of the Elasticsearch query language to identify changes in your data that are interesting to you. In other words, if you can query something in Elasticsearch, you can alert on it.

Highly available, scalable alerting

There's a reason organizations large and small trust the Elastic Stack to handle their alerting needs. By reliably and securely ingesting data from any source, in any format, analysts can search, analyze, and visualize key data in real time — all with customized, reliable alerting.

Learn about alerting

Notifications via email, webhooks, IBM Resilient, Jira, Microsoft Teams, PagerDuty, ServiceNow, Slack, xMatters

Link alerts with built-in integrations for email, IBM Resilient, Jira, Microsoft Teams, PagerDuty, ServiceNow, xMatters, and Slack. Integrate with any other third-party system via a webhook output.

Learn about alert notification options

Alerting UI

Take control of your alerts by viewing, creating, and managing all of them from a single UI. Stay in the know with real-time updates on which alerts are running and what actions were taken.

Learn about configuring alerts in Kibana

Alerting suppression and noise reduction

Snooze alerting rules to suppress notifications and actions for a user-defined duration. You’ll never miss an action because you forgot to unmute a rule while handling problems that arose unexpectedly or during known downtimes.

Learn about alerting suppression and noise reduction

Search threshold alerts for Discover

A search threshold rule in Discover is based on an Elasticsearch query: it analyzes documents at a given time interval to check whether a threshold is reached for documents matching the designated criteria, then triggers an alert. Users can create and assign an action if they wish to trigger a notification or automatically create an incident.

Learn about search threshold alerts for Discover

Dev Tools

The Dev Tools page contains development tools that you can use to interact with your data in Kibana. Tools include Console, Grok Debugger, and Search Profiler.

Console

In Console, one of the Dev Tools in Kibana, you can compose requests to send to Elasticsearch in a cURL-like syntax and view responses to your requests.

Learn about Console

Grok Debugger

You can build and debug grok patterns in the Kibana Grok Debugger before you use them in your data processing pipelines. Grok is a pattern matching syntax that you can use to parse arbitrary text and structure it. Grok is good for parsing syslog, Apache, and other web server logs, MySQL logs, and in general, any log format that is written for human consumption.

Learn about Grok Debugger

Query profiler/optimizer

The profile API provides detailed timing information about the execution of individual components in a search request. It provides insight into how search requests are executed at a low level so you can understand why certain requests are slow and take steps to improve them.

Learn about the profile API

Deployment

Public cloud, private cloud, or somewhere in between — we make it easy for you to run and manage the Elastic Stack.

Download and install

It's as easy as ever to get started. Just download and install Elasticsearch and Kibana as an archive or with a package manager. You'll be indexing, analyzing, and visualizing data in no time. And with the default distribution, you can also test out Platinum features such as machine learning, security, graph analytics, and more with a free 30-day trial.

Download the Elastic Stack

Elastic Cloud

Elastic Cloud is our growing family of SaaS offerings that make it easy to deploy, operate, and scale Elastic products and solutions in the cloud. From an easy-to-use hosted and managed Elasticsearch experience to powerful, out-of-the-box search solutions, Elastic Cloud is your springboard for seamlessly putting Elastic to work for you. Try any of our Elastic Cloud products for free for 14 days — no credit card required.

Get started in Elastic Cloud

Elastic Cloud Enterprise

With Elastic Cloud Enterprise (ECE), you can provision, manage, and monitor Elasticsearch and Kibana at any scale, on any infrastructure, while managing everything from a single console. Choose where you run Elasticsearch and Kibana: physical hardware, virtual environment, private cloud, private zone in a public cloud, or just plain public cloud (e.g., Google, Azure, AWS). We've covered them all.

Try ECE free for 30 days

Elastic Cloud on Kubernetes

Built on the Kubernetes Operator pattern, Elastic Cloud on Kubernetes (ECK) extends the basic Kubernetes orchestration capabilities to support the setup and management of Elasticsearch and Kibana on Kubernetes. With Elastic Cloud on Kubernetes, simplify the processes around deployment, upgrades, snapshots, scaling, high availability, security, and more for running Elasticsearch in Kubernetes.

Deploy with Elastic Cloud on Kubernetes

Helm Charts

Deploy in minutes with the official Elasticsearch and Kibana Helm Charts.

Read about the official Elastic Helm Charts

Docker containerization

Run Elasticsearch and Kibana on Docker with the official containers from Docker Hub.

Run the Elastic Stack on Docker

Solutions

Elastic Maps

The Maps app enables you to parse through your geographical data at scale, with speed, and in real time. With features like multiple layers and indices in a map, plotting of raw documents, dynamic client-side styling, and global search across multiple layers, you can understand and monitor your data with ease.

Map layers

Add layers from unique indices into one view using the Maps app in Kibana. And since the layers are on the same map, you can search and filter across all of them in real time. Options include choropleth layers, heat map layers, tile layers, vector layers, and even use-case-specific layers like observability for APM data.

Learn about map layers

Vector tiles

Vector tiles partition your map into tiles and offer the best performance and smooth zooming over the alternative methods. All new polygon layers enable the 'Use vector tiles' setting by default. You can change the scaling options in layer settings if you prefer the 10,000 records approach.

Learn more about vector tiles in Elastic Maps

Custom region maps

Create region maps — thematic maps in which boundary vector shapes are colored using a gradient — using the custom location data on a schematic of your choosing.

Learn about region maps

Elastic Maps Service (zoom levels)

The Elastic Maps Service powers all the geospatial visualizations in Kibana (including the Maps app) by serving basemap tiles, shapefiles, and key features that are essential for visualizing geodata. With the default distribution of Kibana, you can zoom in up to 18x on a map.

Read about the Elastic Maps Service

Elastic Maps Server

The Elastic Maps Server uses the Elastic Maps Service’s basemaps and boundaries on local infrastructure.

Learn about the Elastic Maps Server

GeoJSON upload

Though simple and easy to use, the GeoJSON upload feature is robust. Through direct ingestion into Elasticsearch, the feature enables map creators to drag and drop GeoJSON files enriched with points, shapes, and content into a map for instantaneous visualization. Enable email or webapp alerts using GeoJSON-defined boundaries when tracking data-driven object movement.

Learn about GeoJSON upload

Geo alerts

Trigger notifications when an entity enters, leaves, or crosses a boundary. Monitor the location of an entity while it remains inside a specified boundary.

Learn about geo alerting

Shapefile upload

Load shapefiles into Elastic with this simple but powerful uploader built right into the Maps application. Easily load local open data and boundaries for analysis and comparison.

Learn about shapefile upload

    Solutions

    Elastic Logs

    With out-of-the-box support for common data sources and default dashboards to boot, the Elastic Stack is all about the it-just-works experience. Ship logs with Filebeat and Winlogbeat, index into Elasticsearch, and visualize it all in Kibana in minutes.

    Log shipper (Filebeat)

    Filebeat helps you keep the simple things simple by offering a lightweight way to forward and centralize logs and files. Filebeat comes with internal modules (auditd, Apache, NGINX, System, MySQL, and more) that simplify the collection, parsing, and visualization of common log formats down to a single command.

    Read about Filebeat

    Logs dashboards

    Example Filebeat dashboards make it easy for you to explore log data in Kibana. Get started quickly with these preconfigured dashboards, then customize them to meet your needs.

    Learn about Logs dashboards

    Log rate anomaly detection

    Log rate analysis powered by machine learning automatically highlights periods of time where the log rate is outside normal bounds so you can quickly identify and inspect log anomalies.

    Learn more about log anomalies

    Logs app

    The Logs app provides real-time log tailing in a compact, customizable display. The log data is correlated with metrics in the Metrics app, making it easier for you to diagnose problems.

    Learn about the Logs app


    Elastic Metrics

    With Elastic Metrics, easily track high-level metrics, like CPU usage, system load, memory usage, and network traffic, to help you assess the overall health of your servers, containers, and services.

    Metric shipper (Metricbeat)

    Metricbeat is a lightweight shipper that you can install on your servers to periodically collect metrics from the operating system and from services running on the server. From CPU to memory, Redis to NGINX, Metricbeat is a lightweight way to send system and service statistics.

    Learn about Metricbeat

    Metrics dashboards

    Example Metricbeat dashboards make it easy for you to start monitoring your servers in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.

    Learn about Metrics dashboards

    Metrics app

    After you have metrics streaming to Elasticsearch, use the Metrics app in Kibana to monitor them and identify problems in real time.

    Learn about the Metrics app

    Alerting integration for Metrics

    Create threshold alerts for your metrics with real-time feedback, directly in the Metrics app in Kibana, and get notified the way that you choose — documents, logs, Slack, simple webhooks, and more.

    Learn more about alerting

    Machine learning integration for Metrics

    Find common infrastructure issues with one-click anomaly detection directly from the Metrics UI.

    Learn more about machine learning


    Elastic Uptime

    With Elastic Uptime powered by open source Heartbeat, your availability data works in concert with rich context provided by logs, metrics, and APM — making it simpler to connect the dots, correlate activity, and solve problems quickly.

    Uptime monitor (Heartbeat)

    Heartbeat is a lightweight daemon that you install on a remote server to periodically check the status of your services and determine whether they are available. Heartbeat ingests the server data that will then be displayed in the Uptime dashboard and app in Kibana.

    Read about Heartbeat

    Uptime dashboards

    Example Heartbeat dashboards make it easy for you to visualize the status of your services in Kibana. Get started quickly with these preconfigured dashboards, and then customize them to meet your needs.

    Learn about Uptime dashboards

    Alerting integration for Uptime

    Easily create threshold-based alerts from your availability data directly in the Uptime app, and get notified the way that you choose: documents, logs, Slack, simple webhooks, and more.

    Certificate monitoring

    Check on your SSL or TLS certificates, or get notified when they are expiring, directly in the Uptime app, and keep your services available.

    Synthetic monitoring

    Simulate the user experience across multi-step journeys — like the checkout flow for an ecommerce store. Capture detailed status info each step of the way to identify problematic areas and create exceptional digital experiences.

    Learn more about synthetic tests

    Uptime app

    The Uptime app in Kibana is intended to help you quickly identify and diagnose outages and other connectivity issues within your network or environment. Easily monitor hosts, services, websites, APIs, and more from this helpful interface.

    Learn about the Uptime app


    Elastic APM

    Already housing logs and system metrics in Elasticsearch? Expand to application metrics with Elastic APM. Four lines of code let you see a bigger picture to quickly fix issues and feel good about the code you push.

    APM Server

    The APM Server receives data from APM agents and transforms them into Elasticsearch documents. It does this by exposing an HTTP server endpoint to which agents stream the APM data they collect. After the APM Server has validated and processed events from the APM agents, the server transforms the data into Elasticsearch documents and stores them in corresponding Elasticsearch indices.

    Learn about APM Server

    APM agents

    APM agents are open source libraries written in the same language as your service. You install them into your service as you would install any other library. They instrument your code and collect performance data and errors at runtime. This data is buffered for a short period and sent on to the APM Server.

    Learn about APM agents

    APM app

    Finding and fixing roadblocks in your code boils down to search. Our dedicated APM app in Kibana lets you identify bottlenecks and zero in on problematic changes at the code level. As a result, you get better, more efficient code that leads to a speedier develop-test-deploy loop, faster applications, and better customer experiences.

    Learn about Elastic APM

    Distributed tracing

    Wondering how requests are flowing through your entire infrastructure? String transactions together with a distributed trace and get a clear view of how your services are interacting. Find where latency issues are arising in the path and then pinpoint the components that need optimizing.

    Learn about distributed tracing

    Alerting integration

    Stay up to date on how your code is performing. Get an email notification when something goes awry or a Slack notification when something goes really right.

    Read about alerting

    Service maps

    Service maps are a visual representation of how your services are connected and provide high-level transaction metrics like average transaction duration, request and error rates, plus CPU and memory usage.

    Learn more about service maps

    Machine learning integration

    Create a machine learning job directly from the APM app. Quickly home in on abnormal behavior with machine learning features that automatically model your data.

    Learn about the ML integration in APM


    Elastic Security

    Elastic Security equips security operations, threat hunting, and IT Ops teams to prevent, detect, and respond to threats. It prevents ransomware and malware at the host, automates the detection of threats and anomalies, and streamlines response with intuitive workflows, built-in case management, and integrations with SOAR and ticketing platforms.

    Elastic Common Schema

    Uniformly analyze data from diverse sources with the Elastic Common Schema (ECS). Detection rules, machine learning jobs, dashboards, and other security content can be applied more broadly, searches can be crafted more narrowly, and field names are easier to remember.

    Watch a video about the Elastic Common Schema

    Machine learning anomaly detection

    Integrated machine learning automates anomaly detection, enhancing detection and hunting workflows. A portfolio of prebuilt machine learning jobs enables rapid adoption. Alerting and investigation workflows leverage ML results.

    Learn about machine learning

    Detection engine

    The detection engine performs technique-based threat detection and alerts on high-value anomalies. Prebuilt rules developed and tested by Elastic Security research engineers enable rapid adoption. Custom rules can be created for any data formatted for Elastic Common Schema (ECS).

    Learn about detections

    Host security analysis

    Elastic Security enables interactive analysis of endpoint data from Elastic Agent and Elastic Beats, plus technologies like Carbon Black, CrowdStrike, and Microsoft Defender for Endpoint. Explore shell activity with Session View and processes with Analyzer.

    Learn about Host security analysis

    Network security analysis

    Elastic Security enables network security monitoring with interactive maps, graphs, event tables, and more. It supports numerous network security solutions, including OSS technologies like Suricata and Zeek, devices from vendors like Cisco ASA, Palo Alto Networks, and Check Point, and cloud services like AWS, Azure, GCP, and Cloudflare.

    Learn about Network security analysis

    User security analysis

    Elastic Security excels with entity analytics. The solution provides visibility into user activity, helping practitioners address insider threats, account takeover, privilege abuse, and related vectors. Environment-wide collection supports security monitoring, with user data presented on curated visualizations and tables. User context is presented within the flow of a hunt or investigation, with further details quickly accessible.


    Timeline event explorer

    Timeline event explorer lets analysts view, filter, correlate, and annotate events, gather data to reveal the root cause and scope of attacks, align investigators, and package information for immediate and long-term reference.

    Learn about the Timeline event explorer

    Case management

    Built-in case management workflows enhance control over detection and response. Elastic Security allows analysts to easily open, update, tag, comment on, close, and integrate cases with external systems. An open API and prebuilt support for IBM Resilient, Jira, Swimlane, and ServiceNow enable alignment with existing workflows.

    Learn about cases

    Cloud workload session auditing

    Secure hybrid cloud workloads and cloud-native applications with a lightweight agent powered by eBPF. Spot runtime threats automatically with prebuilt and custom detection rules and machine learning models. Investigate with a terminal-like view that surfaces rich context.


    KSPM data collection and CIS posture findings

    Gain visibility into your security posture across multi-cloud environments. Review findings, benchmark findings against CIS controls, and follow remediation guidance to drive rapid improvement.

      Administration of host-based prevention, detection, and response

      Manage anti-malware and anti-ransomware capabilities, manage centralized collection to enable the detection of advanced threats, and power host-based inspection and response.

      Learn about malware prevention

      Osquery central management

      Elastic Security enables users to easily deploy osquery on every endpoint, streamlining hunting and host inspection across Linux, Windows, and macOS hosts. The solution provides direct access to rich host data, retrievable with a prebuilt or custom SQL query for analysis in Elastic Security.

      Learn about osquery on Elastic Agent


      Elasticsearch

      Connectors

      Make use of native connectors and connector clients to popular productivity tools, plus handy APIs to build connectors for your data sources, too.

      Learn more about Connectors

      Crawler

      Open Crawler lets you index web content directly into Elasticsearch. The repository is open source, so you can review the code, submit issues or PRs, and create custom versions. Its lightweight design ensures efficient crawling and indexing.

      Learn more about Open Crawler

      Playground

      Test the latest AI search capabilities with AI Playground, now in Elasticsearch. Ingest your own data or use our sample data to explore how to build RAG systems and test different LLMs from various providers like OpenAI, Amazon Bedrock, Anthropic, and more.

      Learn more about Playground

      Search Applications

      Search Applications enable users to build search-powered applications that leverage the full power of Elasticsearch and its Query DSL, with a simplified user experience.

      Learn more about Search Applications

      Behavioral Analytics

      Behavioral Analytics is an analytics event collection platform. Use these tools to analyze your users' searching and clicking behavior.

      Learn more about Behavioral Analytics

      Inference Endpoints UI

      Inference endpoints streamline the deployment and management of machine learning models in Elasticsearch.

      Learn more about Inference Endpoints UI

      Search AI Assistant

      AI Assistant for Observability and Search uses generative AI to help you with a variety of tasks related to Elasticsearch and Kibana.

      Learn more about Search AI Assistant