How to use Kibana

A Cyber Security Research Dumpsite


This fragmented blog post on “How to use Kibana” is a continuation of my previous post, in which I showed how I installed ELK and Beats on my Linux machine and my Windows machine.

If you missed my post on how I installed ELK and Beats on Linux and Windows, click here.

Note: I cannot emphasize enough that this tutorial on how to use Kibana was taken from the official documentation on the Elastic website. The hyperlinked text will take you to their website.

How to use Kibana: The Sidebar

Firstly, navigate to Kibana in your browser at http://YOUR_IP_HERE:5601 (5601 is Kibana's default port). Out of the box, Kibana listens on localhost only; to reach it from another machine you have to set server.host in kibana.yml, and if you do that, put authentication in front of it (X-Pack security or an authenticating reverse proxy) rather than exposing the Kibana port, and with it all of your log data, to the network unprotected.

In the Kibana console, the sidebar has the following sections:


How to use Kibana: Definitions

Discover –

You can interactively explore your data from the Discover page. It provides you with access to every document in every index that matches the selected index pattern. You can submit search queries, filter the search results, and view document data. You can also see the number of documents that match the search query and get field value statistics.

If a time field is configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the top of the page.

Visualize –

Visualize enables you to create visualizations of the data in your Elasticsearch indices. You can then build dashboards that display related visualizations.

Kibana visualizations are based on Elasticsearch queries. By using a series of Elasticsearch aggregations to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about.

You can create visualizations from a search saved from Discover or start with a new search query.
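As an added example (not code from the original post or from Elastic), the following Python builds the request that Discover issues to Elasticsearch for a search over a time-based index pattern and reduces the response into the histogram shown at the top of the Discover page; the date_histogram aggregation inside it is the same kind of aggregation that a Visualize chart is built from. The index pattern winlogbeat-*, the time field @timestamp, the query event_id:4625 (Windows failed logon) and the response data are assumptions constructed for the example, and the interval parameter name follows Elasticsearch 6.x.

```python
"""Added example, not from the original post or from Elastic.

What Discover does under the hood: a query_string for the search bar, a
range filter on the index pattern's time field for the time picker, and a
date_histogram aggregation for the bar chart at the top of the page.
Index, field, query and response data below are constructed assumptions.
"""
from statistics import median


def discover_request(query, time_field, gte, lte, interval="1h", size=50):
    """Build the search body Discover sends to Elasticsearch.

    min_doc_count=0 together with extended_bounds keeps empty buckets, so
    gaps in the data show up as gaps in the histogram instead of vanishing.
    'interval' is the Elasticsearch 6.x parameter name; 7.2+ expects
    'fixed_interval' or 'calendar_interval' instead (assumption: 6.x here).
    """
    return {
        "size": size,
        "sort": [{time_field: {"order": "desc"}}],
        "query": {
            "bool": {
                "must": [{"query_string": {"query": query, "analyze_wildcard": True}}],
                "filter": [{"range": {time_field: {
                    "gte": gte, "lte": lte, "format": "strict_date_optional_time"}}}],
            }
        },
        "aggs": {
            "over_time": {
                "date_histogram": {
                    "field": time_field,
                    "interval": interval,
                    "min_doc_count": 0,
                    "extended_bounds": {"min": gte, "max": lte},
                }
            }
        },
    }


def total_hits(response):
    """Number of matching documents (the count Discover shows).

    Elasticsearch 6.x returns hits.total as an int; 7.x returns an object
    {"value": n, "relation": "eq"|"gte"}. Handle both.
    """
    total = response["hits"]["total"]
    return total["value"] if isinstance(total, dict) else total


def histogram(response):
    """(bucket start, doc_count) pairs in time order, i.e. the bars Discover draws."""
    buckets = response["aggregations"]["over_time"]["buckets"]
    return [(b["key_as_string"], b["doc_count"]) for b in buckets]


def spikes(series, factor=3.0):
    """Buckets whose count is at least `factor` times the median of the other
    buckets: the bars that stand out in the histogram. Median rather than mean
    so that one huge bucket does not hide itself by inflating the baseline."""
    found = []
    for key, count in series:
        others = [c for k, c in series if k != key]
        baseline = median(others) if others else 0
        if count > 0 and count >= factor * baseline:
            found.append((key, count))
    return found


# Constructed sample response: six hourly buckets, 52 hits in total,
# with a burst of failed logons in the 03:00 bucket.
SAMPLE_RESPONSE = {
    "hits": {"total": 52, "hits": []},
    "aggregations": {"over_time": {"buckets": [
        {"key_as_string": "2018-06-01T00:00:00.000Z", "doc_count": 2},
        {"key_as_string": "2018-06-01T01:00:00.000Z", "doc_count": 3},
        {"key_as_string": "2018-06-01T02:00:00.000Z", "doc_count": 2},
        {"key_as_string": "2018-06-01T03:00:00.000Z", "doc_count": 40},
        {"key_as_string": "2018-06-01T04:00:00.000Z", "doc_count": 3},
        {"key_as_string": "2018-06-01T05:00:00.000Z", "doc_count": 2},
    ]}},
}


if __name__ == "__main__":
    import json

    body = discover_request("event_id:4625", "@timestamp",
                            "2018-06-01T00:00:00.000Z", "2018-06-01T06:00:00.000Z")
    # Paste this body into Dev Tools > Console under: GET winlogbeat-*/_search
    print(json.dumps(body, indent=2))
    print("hits:", total_hits(SAMPLE_RESPONSE))
    print("histogram:", histogram(SAMPLE_RESPONSE))
    print("spikes:", spikes(histogram(SAMPLE_RESPONSE)))
```

Running the script prints the request body; pasting it into Dev Tools > Console as the body of GET winlogbeat-*/_search returns the same hits and buckets that Discover renders for that search and time range. spikes() picks out the bars that stand out from the rest of the histogram, which for a stream of failed logons is the bucket to open first.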

Dashboard –

A Kibana dashboard displays a collection of visualizations and searches. You can arrange, resize, and edit the dashboard content and then save the dashboard so you can share it.

Timelion –

Timelion is a time series data visualizer that enables you to combine totally independent data sources within a single visualization.

It’s driven by a simple expression language you use to retrieve time series data, perform calculations to tease out the answers to complex questions, and visualize the results.

For example, Timelion enables you to easily get the answers to questions like:

  • How many pages does each unique user view over time?
  • What’s the difference in traffic volume between this Friday and last Friday?
  • What percent of Japan’s population came to my site today?
  • What’s the 10-day moving average of the S&P 500?
  • What’s the cumulative sum of all search requests received in the last 2 years?

Tutorials to help with this feature:

APM –

Elastic Application Performance Monitoring (APM) automatically collects in-depth performance metrics and errors from inside your applications.

The APM page in Kibana is provided with the X-Pack basic license. It enables developers to drill down into the performance data for their applications and quickly locate the performance bottlenecks.

Dev Tools –

The Dev Tools page contains development tools for working with your data from inside Kibana; the Console there sends requests straight to the Elasticsearch REST API and shows the raw responses, which is the quickest way to see exactly what a Discover search or a visualization's aggregation returns.

Monitoring –

X-Pack monitoring in Kibana serves two separate purposes:

  • To visualize monitoring data from across the Elastic Stack. You can view health and performance data for Elasticsearch, Logstash, and Beats in real time, as well as analyse past performance. For more information, see Monitoring the Elastic Stack.
  • To monitor Kibana itself and route that data to the monitoring cluster.

If you enable X-Pack monitoring across the Elastic Stack, a monitoring agent runs on each Elasticsearch node, Logstash node, Kibana instance, and Beat to collect and index metrics.

Each node and instance is considered unique based on its persistent UUID, which is written to the path.data directory when the node or instance starts.

Management –

The Management application is where you perform the runtime configuration of Kibana.

This includes both the initial setup and ongoing configuration of index patterns, advanced settings that tweak the behaviors of Kibana itself, and the various “objects” that you can save throughout Kibana such as searches, visualizations, and dashboards.

This section is pluggable, so in addition to the out-of-the-box capabilities, packs such as X-Pack can add further management capabilities to Kibana.


I hope these definitions gave you an idea of how to use the Kibana web interface and what each section does. The links below go into depth on Discover, Visualize and Dashboard.

Just landed on this page? Don’t know what Kibana is or how to install it? Check the following link on how to install it: