Kibana – Elastic Stack Tutorial (Part 3)

Kibana

Kibana is an awesome tool in the Elastic Stack that aims to solve the problem of what to do with all the data that you collect and how to use it in a meaningful way. Kibana does that by letting you easily visualize the data that arrives into Elasticsearch. In this article, I will give you a brief introduction to the tool and how to set up your first visualization.

This is the last part of the Elastic Stack tutorial. If you haven’t read the previous articles about Logstash and Elasticsearch yet, I recommend doing that first before proceeding.

Getting started

If you have been following the previous articles you should already have deployed Kibana by now, if not, then make sure you install it.

Kibana runs on the port 5601 by default, and we can access it by navigating to localhost:5601. Once there you will be presented with an introduction screen and there will be a button for setting up index patterns, which is what we want to do as we already have data in Elasticsearch.

You will be presented with a list of available indexes in your Elasticsearch and we need to create an index pattern that will pick up the indexes that we are interested in.

Elasticsearch index pattern

As we want to visualize the data that arrived from Logstash, we will create the following pattern which will pick up all of those logstash-*.

In the next step, we will need to assign the time filter field which is the timestamp inside the document that is stored in Elasticsearch. It’s important that you do this so that you can narrow down data by a time range. For our case, Logstash provided us with a handy @timestamp field name, so we will pick that and proceed. And now we have successfully added our first index(es) to Kibana.

Creating your first visualization

Once we have the indexes we can actually go ahead and create our first visualization. It’s the visualizations that you will use when looking at data and they can later be added to dashboards which is a collection of visualizations.

Navigate to visualize and let’s create a pie chart, you can do that by pressing the plus button and then selecting Pie.

Our metric is going to be count, so make sure that it is selected as the Slice Size. Next, we need to select the bucket, which is going to be the actual data that we are going to do perform metrics on. The most simple one; Split Slices, which I recommend using is going to be our choice of a bucket for the pie chart. There are many different aggregations that can be selected, and the options that you will want to choose really depends on what type of data that you have sent to Elasticsearch. The most popular one is probably term, where you can select and visualize the different data inside a field. I am, however, going to select which lets us write more advanced filters with a Lucene syntax, for example, I have logging rows inside a message field which contains the HTTP verbs; GET, PUT, POST & DELETE. So I can write a filter for each HTTP verb, for example message:GET. Which gives us a nice pie chart for visualizing comparing the amount of different HTTP request verbs that the server has received.

Visualization of HTTP verbs

There are many different visualizations and different type of visualizations and the best way to learn it is to simply experiment, try creating some other type of charts where you aggregate different type of data. The key here is to have good fields in Elasticsearch with interesting data. So, as you try to create beautiful visualizations you might realize that there are some interesting data which you might miss, and that’s fine, simply make sure that you log the stuff that you are interested in and then go back to Logstash and configure it to handle and transform the data as you like and go ahead and pass it into Elasticsearch. Kibana will then automatically pick it up as it becomes available in Elasticsearch.

Creating a dashboard

As mentioned already, a dashboard is a collection of visualizations, where you also can add filters to narrow the data for all the visualizations inside the dashboard. Creating a dashboard is very easily done by navigating to the Dashboard page and creating a new one. And then you simply press Add in the top bar to put in visualizations into the dashboard.

Final words

This has been a very brief and basic introduction to Kibana. But that’s really all you need in order to get started with it. Nobody’s data looks the same, and not everybody is interested in the same type of data. So, how you set up your visualizations will really depend on that which is why I recommend to simply start experimenting now when you have the basic knowledge of how Kibana works.

You may also like

Leave a Reply

Your email address will not be published. Required fields are marked *