How To Create A Dashboard In Kibana Step By Step
Welcome to CloudAffaire and this is Debjeet.
In this series, we will explore one of the most popular log management tools in DevOps, better known as the ELK (E=Elasticsearch, L=Logstash, K=Kibana) stack.
Kibana UI Components:
Data Exploration And Visualization Tools:
Discover enables you to explore your data, find hidden insights and relationships, and get answers to your questions. Using Discover you can access every document in every index that matches your selected index pattern, search your data and filter the search results, get field-level details about the documents that match your search and view the events that occurred just before and after a document.
Visualize enables you to create visualizations of the data from your Elasticsearch indices, which you can then add to dashboards for analysis. Kibana visualizations are based on Elasticsearch queries. By using a series of Elasticsearch aggregations to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about.
A dashboard is a collection of visualizations, searches, and maps, typically in real-time. Dashboards provide at-a-glance insights into your data and enable you to drill down into details.
Using Dashboard, you can add visualizations, saved searches, and maps for side-by-side analysis, arrange dashboard elements to display exactly how you want, customize time ranges to display only the data you want and inspect and edit dashboard elements to find out exactly what kind of data is displayed.
Canvas is a data visualization and presentation tool that sits within Kibana. With Canvas, you can pull live data directly from Elasticsearch, and combine the data with colors, images, text, and your imagination to create dynamic, multi-page, pixel-perfect displays. If you are a little bit creative, a little bit technical, and a whole lot curious, then Canvas is for you.
Using Canvas, you can create and personalize your workspace with backgrounds, borders, colors, fonts, and more; customize your workpad with your own visualizations, such as images and text; customize your data by pulling it directly from Elasticsearch; show off your data with charts, graphs, progress monitors, and more; and focus the data you want to display with filters.
The graph analytics features enable you to discover how items in an Elasticsearch index are related. You can explore the connections between indexed terms and see which connections are the most meaningful. This can be useful in a variety of applications, from fraud detection to recommendation engines. For example, graph exploration could help you uncover website vulnerabilities that hackers are targeting so you can harden your website. Or, you might provide graph-based personalized recommendations to your e-commerce customers. The graph analytics features provide a simple, yet powerful graph exploration API, and an interactive graph visualization tool for Kibana. Both work out of the box with existing Elasticsearch indices; you don't need to store any additional data to use these features.
As datasets increase in size and complexity, the human effort required to inspect dashboards or maintain rules for spotting infrastructure problems, cyber attacks, or business issues becomes impractical. Elastic machine learning features such as anomaly detection and outlier detection make it easier to notice suspicious activities with minimal human interference.
Elastic Maps enables you to parse through your geographical data at scale, with speed, and in real time. With features like multiple layers and indices in a map, plotting of raw documents, dynamic client-side styling, and global search across multiple layers, you can understand and monitor your data with ease.
The Metrics app enables you to monitor your infrastructure metrics and identify problems in real time. You start with a visual summary of your infrastructure where you can view basic metrics for common servers, containers, and services. Then you can drill down to view more detailed metrics or other information for that component.
The Logs app in Kibana enables you to explore logs for common servers, containers, and services. The Logs app has a compact, console-like display that you can customize. You can filter the logs by various fields, start and stop live streaming, and highlight text of interest. You can open the Logs app from the Logs tab in Kibana. You can also open the Logs app directly from a component in the Metrics app. In this case, you will only see the logs for the selected component.
Elastic Application Performance Monitoring (APM) automatically collects in-depth performance metrics and errors from inside your applications. The APM app in Kibana is provided with the basic license. It enables developers to drill down into the performance data for their applications and quickly locate the performance bottlenecks.
Uptime allows you to monitor the status of network endpoints via HTTP/S, TCP, and ICMP. You can explore endpoint status over time, drill down into specific monitors, and easily view a high-level snapshot of your environment at any point in time.
The SIEM app in Kibana provides an interactive workspace for security teams to triage events and perform initial investigations. It enables analysis of host-related and network-related security events as part of alert investigations or interactive threat hunting.
Management is home to UIs for managing all things Elastic Stack: indices, clusters, licenses, UI settings, index patterns, spaces, and more.
Console enables you to interact with the REST API of Elasticsearch. Using Console, you can send requests to Elasticsearch and view the responses, view API documentation, and get your request history.
Elasticsearch has a powerful Profile API which can be used to inspect and analyze your search queries. The response returns a large JSON blob, which can be difficult to analyze manually. The Query Profiler tool can transform this JSON output into a visualization that is easy to navigate, allowing you to diagnose and debug poorly performing queries much faster.
You can build and debug grok patterns in the Kibana Grok Debugger before you use them in your data processing pipelines. Grok is a pattern matching syntax that you can use to parse arbitrary text and structure it. Grok is good for parsing syslog, apache, and other webserver logs, mysql logs, and in general, any log format that is written for human consumption.
The Kibana monitoring features serve two separate purposes: to visualize monitoring data from across the Elastic Stack, so that you can view health and performance data for Elasticsearch, Logstash, and Beats in real time as well as analyze past performance, and to monitor Kibana itself and route that data to the monitoring cluster. If you enable monitoring across the Elastic Stack, each Elasticsearch node, Logstash node, Kibana instance, and Beat is considered unique based on its persistent UUID, which is written to the path.data directory when the node or instance starts.
You can generate a report that contains a Kibana dashboard, visualization, saved search, or Canvas workpad. Depending on the object type, you can export the data as a PDF, PNG, or CSV document, which you can keep for yourself, or share with others.
How To Create A Dashboard In Kibana Step By Step:
Prerequisite: Kibana and Elasticsearch installed and configured.
Step 1: Create an index pattern. Open your Kibana URL and provide ‘cloudaffairemldb’ as Index name and click ‘Next step’.
Step 2: Select ‘DateOfJoining’ as ‘Time filter field name’ and click ‘Create index pattern’.
Our index pattern is created successfully. You can discover the data by clicking on the Discover icon and providing a time range of 15 years.
Step 3: Navigate to ‘Dashboard’ and click ‘Create new’.
Step 4: Click on ‘Vertical Bar’ to create a new visualization.
Step 5: Select ‘cloudaffairempldm’ as your source.
Step 6: Select ‘X-axis’ under ‘Buckets’.
Step 7: Provide the details for ‘X-Axis’ and click on the play button.
Our 1st dashboard is created with the distribution of employee data according to the designation.
Step 8: Provide ‘Split series’ details and click on the play button. Once the report is loaded, click on ‘Save’.
Our 1st dashboard has been modified to show gender-wise employee distribution.
Step 9: Provide a name for the visualization and click ‘Save and add to dashboard’.
Next, click on ‘save’ again to save the dashboard.
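The vertical bar chart built in Steps 4 to 8 corresponds to a terms aggregation (X-axis) with a nested terms aggregation (split series). The Python below is an added example, not part of the original tutorial: it builds that search body and flattens a response into per-bar series. The field names `Designation` and `Gender`, the aggregation names and the sample response are assumptions, since the page does not show the index mapping.

```python
import json

INDEX = "cloudaffairemldb"    # index name as given in Step 1
TIME_FIELD = "DateOfJoining"  # time filter field from Step 2
# Assumed field names; the tutorial does not show the index mapping.
# With default dynamic mapping, string fields are aggregated via "<name>.keyword".
X_FIELD = "Designation"
SPLIT_FIELD = "Gender"


def build_search_body(x_field=X_FIELD, split_field=SPLIT_FIELD, years=15, size=10):
    """Body for POST /<INDEX>/_search that yields the bar chart's buckets."""
    return {
        "size": 0,  # return aggregation buckets only, no documents
        "query": {"range": {TIME_FIELD: {"gte": f"now-{years}y", "lte": "now"}}},
        "aggs": {
            "x_axis": {  # Steps 6-7: one bar per X-axis term
                "terms": {"field": x_field, "size": size},
                "aggs": {  # Step 8: split each bar into series
                    "split_series": {"terms": {"field": split_field, "size": size}}
                },
            }
        },
    }


def series_from_response(resp):
    """Flatten the nested terms buckets into {x_value: {series_value: count}}."""
    return {
        bar["key"]: {s["key"]: s["doc_count"] for s in bar["split_series"]["buckets"]}
        for bar in resp["aggregations"]["x_axis"]["buckets"]
    }


# Constructed sample, trimmed to the fields used, in the shape Elasticsearch
# returns for the body above.
SAMPLE_RESPONSE = {"aggregations": {"x_axis": {"buckets": [
    {"key": "Engineer", "doc_count": 5, "split_series": {"buckets": [
        {"key": "F", "doc_count": 3}, {"key": "M", "doc_count": 2}]}},
    {"key": "Manager", "doc_count": 2, "split_series": {"buckets": [
        {"key": "M", "doc_count": 1}, {"key": "F", "doc_count": 1}]}},
]}}}

if __name__ == "__main__":
    print(f"POST /{INDEX}/_search")
    print(json.dumps(build_search_body(), indent=2))
    print(series_from_response(SAMPLE_RESPONSE))
```

The printed body can be pasted into Console after the `POST` line to compare the returned buckets with the bars Kibana draws.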
To get more details on ELK, please refer to the documentation below.