I have spent a few days with Kibana and seem to be running into a few basic usage issues.
Using Elastic, Kibana, Packetbeat, Metricbeat, Winlogbeat
Kibana looks extremely promising, but:
- no favorites
I have a hard time using Kibana and am overwhelmed by the sheer list of items in every application.
I have not found a way to easily select my favorites within the tools, or to apply a filter like system.cpu that sticks when going into and out of Dashboard or Visualize.
Do I really have to bookmark the entries and build a link list to be able to navigate quickly? Is there no quick favorite item list (the recent list is not really usable)?
- Log UI
Why can I not use _source in the Log UI, and why is there no kind of "like" function in the Log UI (as in Dashboard)? I have not been able to override the message field via the GUI, nor in the field processing; I have only found copy field, not concatenate (just to do something like _source). It would be great to build the message field for a beat and a specific type of that beat from the GUI.
No column move: you have to delete the columns and add them again in the right order? Also no click on items, and many other things.
- no automatic drill-down
So many good dashboards and visualizations, but I cannot get to the data behind them? I filter and do some investigation, but I cannot see the 3 entries the pie chart highlights?
Do I really have to redefine each field as a URL to be able to drill down? Why not have this done automatically?
OK, the pin-all is somewhat of a workaround, and from Discover you also have an option to analyze. BTW: wouldn't it be nice to have analyze from drill-down come up with predefined visualizations for the type of beat and type?
- no left-click or right-click on fields in Discover and elsewhere
Especially in Discover I lose so much time trying to define a filter by searching for the entry and adding it, instead of just clicking the value in Discover and clicking filter/!filter on the value. Opening the full list and then applying the filter takes way too long.
It seems that left-click or right-click integration is not heavily implemented. It is a must in many circumstances to be able to have a specific function for a specific type, such as IP address lookup. The same goes for opening a new search in a new tab based just on the value, etc.
- working in the GUI and navigating between apps takes a long time
It is very fast to work within an app such as Discover, but when I need to switch between Dashboard, Analyze, SIEM, etc. it always takes a few seconds. And my laptop has a fairly recent CPU/GPU, more than 20 GB of free RAM, and fast SSD disks.
- Hovering over items: the time it takes for the info to be displayed is long
But only for menu items or field definitions, not for graph values. That is amazingly ultra-fast.
- No undo or breadcrumb navigation
Many times I need to add and delete filters, or dig into context data and back. The top navigation does not really help, and the back button does not always work (context view in Discover).
- Context view in Discover: no timeline and analysis?
You have a great function to load context entries before and after, but the view is limited as it does not offer the same functionality as Discover?
There are so many great things, but the navigation and investigation functionality is taking a big toll on the usability that I have come to love with other tools.
Am I doing something wrong?