Welcome to the Elastic Advent Calendar, Day 23! Today I am hoping to give some tips to new users of Kibana. I started working at Elastic roughly a year ago as a QA engineer in the Kibana team. I don’t have a search background, so it’s been a fun, adventurous and educational ride with Kibana and the rest of the Elastic Stack.
Kibana has 4 distinct parts to explore and learn for a new user — Management, Discover, Visualize, and Dashboard.
In Management, you need to create index patterns before you can explore and visualize your data. An index pattern selects, by name or wildcard, the Elasticsearch indices you want Kibana to query. Index patterns are created in the Management section of Kibana.
Pro-tip: If you can’t create an index pattern, it’s always a good idea to query the cat indices API (_cat/indices) to confirm that matching indices actually exist. Replace localhost in the request with your Elasticsearch host.
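The following script, added here as an example and not part of the original post, automates that check: it fetches the cat indices output, parses it, and reports which indices a given index pattern would match and whether any of them is open and holds documents. It assumes Elasticsearch listens on ES_URL without authentication and that the cat API is asked for the columns index, status and docs.count; the sample output at the bottom is constructed.

```python
"""Check which indices a Kibana index pattern would match, via GET _cat/indices.
Added example; assumes an unauthenticated Elasticsearch at ES_URL."""
import re
import urllib.request

ES_URL = "http://localhost:9200"  # replace localhost with your Elasticsearch host


def fetch_cat_indices(es_url=ES_URL):
    """GET _cat/indices with a fixed column list; returns the plain-text body."""
    url = es_url + "/_cat/indices?h=index,status,docs.count"
    with urllib.request.urlopen(url) as resp:
        return resp.read().decode("utf-8")


def parse_cat_indices(text):
    """One index per line: name, open/close status, document count.
    Closed indices report no docs.count, so the third column may be absent."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        docs = int(parts[2]) if len(parts) > 2 and parts[2].isdigit() else None
        rows.append({"index": parts[0], "status": parts[1], "docs": docs})
    return rows


def pattern_to_regex(pattern):
    """Kibana index patterns use * as the only wildcard; everything else is literal,
    so '.kibana' must not match 'xkibana'."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")


def matching_indices(pattern, rows):
    """Rows whose index name matches the pattern."""
    rx = pattern_to_regex(pattern)
    return [r for r in rows if rx.match(r["index"])]


def diagnose(pattern, rows):
    """Explain why Kibana may refuse the pattern or show no data for it."""
    matched = matching_indices(pattern, rows)
    if not matched:
        return "no index matches %r; check the index names and the ES host" % pattern
    usable = [r["index"] for r in matched if r["status"] == "open" and r["docs"]]
    if not usable:
        return "matched %d index(es) but none is open with documents" % len(matched)
    return "ok: %d open index(es) with documents, e.g. %s" % (len(usable), usable[0])


# Constructed sample of what the cat API returns for the columns above.
SAMPLE_CAT_OUTPUT = """\
logstash-2017.12.22 open 1200
logstash-2017.12.23 open 0
metricbeat-6.1.0-2017.12.23 close
.kibana open 5
"""

if __name__ == "__main__":
    # Offline run on the constructed sample; swap in fetch_cat_indices() for a live cluster.
    rows = parse_cat_indices(SAMPLE_CAT_OUTPUT)
    for pattern in ("logstash-*", "metricbeat-*", "filebeat-*"):
        print(pattern, "->", diagnose(pattern, rows))
```

Run it against a live cluster by replacing the sample with fetch_cat_indices(); a pattern that matches only closed or empty indices is the usual reason Discover shows nothing even though the pattern was accepted.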
In Discover, you can explore your data and ask questions (aka input queries) to figure out the mysteries of the universe. For time-based index patterns, the Time Picker lets you pick the time period you want to explore. Kibana lets you query with the Lucene query syntax or with Kibana’s new query language, Kuery. You can enable Kuery in Advanced Settings.
This simple query, response:200 in Lucene or is(response, 200) in Kuery, will get you all the documents which have 200 for the response field.
You can also create filters in Discover. One way to do it is to click on Add filter and select your filter values. In both cases you can save the results as a saved search and use it while creating visualizations or in a dashboard.
Pro-tip 1: If you can’t see the data, try changing the time period in the Time Picker.
Pro-tip 2: Dive deeper into Kuery with this awesome blog post on Kuery.
Pro-tip 3: You can also pin your filter using the pin icon. This will ensure your data stays filtered as you navigate between Discover, Visualize and Dashboard.
Visualize lets you select, create, and search for different types of visualizations. Let’s take the Tag Cloud for example. The Tag Cloud uses a terms aggregation, and this is how you can create it:
Pro-tip 1: You can create visualizations by either using a new search or one of your old saved searches.
Pro-tip 2: Kibana maps are getting more powerful. You can host your own custom GeoJSON to display your data. Check this blog post for an awesome how-to guide.
Finally, we can build dashboards out of saved searches and visualizations. They can belong to the same index pattern or to several. Dashboards are powerful and can show all the important metrics a user chooses in a single place. You can create filters in a dashboard to dive in deeper.
Pro-tip 1: You can share a dashboard either as a link, or you can embed it as an iframe in an HTML page. Both can be secured with authentication via X-Pack.
Pro-tip 2: You can change your dashboard to the dark theme by clicking on Options and using the dark theme.
Pro-tip 3: The Elastic Stack includes Beats — a set of lightweight data shippers which can help you collect all sorts of metrics about your servers/processes/containers/network. The best part is they come prepackaged with a set of dashboards which can be loaded into Kibana. You can learn all about Beats here.
Kibana lets you import and export saved objects as long as they are in valid JSON format. You can do this from Saved Objects in Management:
Pro-tip: This feature is very useful when you are migrating to a different version of Kibana. Export your saved objects, upgrade Kibana, and then import the exported saved objects. As long as you have the index patterns created, you will not have to recreate any of your visualizations, dashboards, or saved searches.
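Because the import only works cleanly when every index pattern the objects reference already exists, it helps to check the export file before importing. The script below is an added example, not code from the post or from Elastic: it walks an export and lists the index-pattern ids and saved-search ids that the exported searches and visualizations depend on but that neither the export nor the target Kibana provides. It assumes the Kibana 6.x export format (a JSON array of records with _id, _type and _source, where _source.kibanaSavedObjectMeta.searchSourceJSON is a JSON string carrying the index-pattern id under "index", and a visualization built on a saved search carries _source.savedSearchId); the sample export and the target's index-pattern list are constructed.

```python
"""Pre-flight check of a Kibana saved-objects export before importing it.
Added example; assumes the 6.x export layout described in the lead-in."""
import json


def _search_source(obj):
    """Decode the nested searchSourceJSON string of a saved object ({} if absent)."""
    meta = obj.get("_source", {}).get("kibanaSavedObjectMeta", {})
    raw = meta.get("searchSourceJSON")
    return json.loads(raw) if raw else {}


def check_export(export_json, existing_index_pattern_ids):
    """Return the index patterns and saved searches the export depends on but that
    neither the export itself nor the target Kibana (existing_index_pattern_ids) has.
    Values are lists of 'type:id' strings naming the objects that would break."""
    objects = json.loads(export_json)
    exported_ids = {(o["_type"], o["_id"]) for o in objects}
    missing_patterns, missing_searches = {}, {}
    for obj in objects:
        ref = "%s:%s" % (obj["_type"], obj["_id"])
        index = _search_source(obj).get("index")  # assumption: index-pattern id lives here
        if index and index not in existing_index_pattern_ids:
            missing_patterns.setdefault(index, []).append(ref)
        saved_search = obj.get("_source", {}).get("savedSearchId")  # assumption: key name
        if saved_search and ("search", saved_search) not in exported_ids:
            missing_searches.setdefault(saved_search, []).append(ref)
    return {"missing_index_patterns": missing_patterns,
            "missing_saved_searches": missing_searches}


def _record(_id, _type, title, **fields):
    """Build one export record in the assumed {_id, _type, _source} shape."""
    source = {"title": title}
    source.update(fields)
    return {"_id": _id, "_type": _type, "_source": source}


def _meta(index=None, query=""):
    """Build kibanaSavedObjectMeta with an encoded searchSourceJSON string."""
    src = {"query": {"query": query, "language": "lucene"}}
    if index:
        src["index"] = index
    return {"kibanaSavedObjectMeta": {"searchSourceJSON": json.dumps(src)}}


# Constructed sample export (not a real Kibana dump).
SAMPLE_EXPORT = json.dumps([
    _record("s1", "search", "Server errors", **_meta("a1b2", "response:500")),
    _record("v1", "visualization", "Status codes", **_meta("c3d4")),
    _record("v2", "visualization", "Errors over time", savedSearchId="s1", **_meta()),
    _record("v3", "visualization", "Orphaned chart", savedSearchId="s9", **_meta()),
    _record("d1", "dashboard", "Web overview", panelsJSON="[]"),
])

# Index patterns already present on the target Kibana, keyed by id (constructed).
TARGET_INDEX_PATTERNS = {"a1b2": "logstash-*"}

if __name__ == "__main__":
    print(json.dumps(check_export(SAMPLE_EXPORT, TARGET_INDEX_PATTERNS), indent=2))
```

On the sample, visualization v1 points at an index pattern (c3d4) the target does not have, and v3 points at a saved search (s9) that was not exported; both would import but show errors when opened, so create the index pattern and re-export the search first.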
Communicate directly with your Elasticsearch cluster using Console, found under Dev Tools! It's as easy as this:
Pro-tip: Console keeps a history of all the commands you have executed, so you don't have to keep retyping them.