Public live dashboard/workpad

I'd like to create a public page on my website which shows live data from Elasticsearch, and I'm trying to figure out the best approach. Ideally I'd just like to embed a Canvas workpad but I can't quite find a way to do that. From my understanding, the "share on a website" only exports a static version of the workpad. Also when I go to "share on a website", it says my drop-down filter is incompatible with that feature, and I'd like to include the drop-down filter on my public dashboard.

Any suggestions on how I could achieve this?

I'm using Elastic Cloud with x-pack by the way.

Thanks!

From my understanding, the "share on a website" only exports a static version of the workpad. Also when I go to "share on a website", it says my drop-down filter is incompatible with that feature, and I'd like to include the drop-down filter on my public dashboard.

This is correct; the shareable is not connected to Kibana at all and only contains the static data from the JSON file. This is also why elements which manipulate/re-query data (like a drop-down filter) are disabled, as it would require fetching new data from Elasticsearch.

If you need users to be able to query Elasticsearch, you'll need to look into embedding Kibana in an iframe. For example, you could create the Canvas workpad you want to embed, lock the controls to prevent editing, and view fullscreen. Then use that URL in your iframe so that the fullscreen view loads up by default:

<iframe src="https://my-kibana.com/app/canvas#/workpad/workpad-{id}/page/1?__fullscreen=true" frameborder="0" width="1500" height="800"></iframe>

One important thing to note is that you will need to set up a dedicated user/role for the iframe, to prevent visitors from having full access to everything in Kibana. To do this, you'd want to do something like create a role with read permissions on the index you need to query, and a spaces-level permission that only provides access to the Canvas app.

You can then assign a user to this role and set up a proxy to auto-authenticate the embedded iframe to the new user as described in this thread.

Technically a user would still be able to hit "escape" to back out of the workpad's full-screen mode, but if the security permissions are set carefully, they shouldn't be able to do much else.

Hope this helps point you in the right direction! Longer term, we are looking at ways to make it easier to embed pieces of Kibana externally, but in the meantime this is probably your best bet.

1 Like

Thanks for the suggestion lukeelmers, I was able to get it working following these instructions!

For the record, if anyone else is trying to do this, I set up an nginx server using the following configuration:

server {                                                                                                                                                   
 listen       4443 ssl; # non-standard port to separate from apache traffic                                                                                                     
 server_name  <your url>;                                                                                                                            
                                                                                                                                                       
 ssl_certificate      <path to public key>;                                                                                
 ssl_certificate_key  <path to private key>;                                                                                  
                                                                                                                                                       
 ssl_session_cache    shared:SSL:1m;                                                                                                                   
 ssl_session_timeout  5m;                                                                                                                              
                                                                                                                                                       
 ssl_ciphers  HIGH:!aNULL:!MD5;                                                                                                                        
 ssl_prefer_server_ciphers  on;                                                                                                                        
                                                                                                                                                       
 location / {                                                                                                                                          
     proxy_set_header  Host $host;                                                                                                                     
     proxy_set_header  X-Real-IP $remote_addr;                                                                                                         
     proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;                                                                                     
     proxy_set_header  Authorization "Basic <Base64 encoded credentials>"; # base64-encoded username:password to pass in header                        
     proxy_set_header  X-Found-Cluster <instance-id>;                                                                               
     proxy_pass  <kibana-endpoint-uri>:9243;                                      
 }                                                                                                                                                     
 }          

As tsullivan said in the other thread, the crednetials can be encoded using
echo -n username:password | base64

The one thing that was unclear in that thread was the X-Found-Cluster header which must be set for this to work with an Elastic Cloud instance. The instance ID you need is the alphanumeric code which appears as the subdomain in your kibana endpoint, e.g. https://<instance-id>.us-east-1.aws.found.io:9234.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.