Kibana is a browser based dashboard for Elastic Search. Two functions in particular are used by Enterprise Search.
- The Dev Tools Console can be used to write .json requests, send these requests to Elastic Search, and to capture the response. Writing .json requests is supported with intellisense.
- Stack Management - Security is used to configure role-based access control (RBAC). This applies when using the Elastic Search cluster for multiple tenants.
Kibana implements several other functions. From the authors:
Kibana is an free and open frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch. Commonly known as the charting tool for the Elastic Stack (previously referred to as the ELK Stack after Elasticsearch, Logstash, and Kibana), Kibana also acts as the user interface for monitoring, managing, and securing an Elastic Stack cluster — as well as the centralized hub for built-in solutions developed on the Elastic Stack. Developed in 2013 from within the Elasticsearch community, Kibana has grown to become the window into the Elastic Stack itself, offering a portal for users and companies.
The version should match the version of Elastic Search, currently
- Elastic Search v7.17.3, Kibana v7.17.3.
Kibana is not 32 or 64 bit specific.
The installation media includes folder Enterprise Search\12.1\Kibana, containing:
No special prerequisites apply.
Kibana is typically installed on one of the Elastic Search cluster node servers, or on a server that has access to the cluster.
Unpack the zip.
- Unpack the zip in a temp folder, for example to E:\Temp\kibana-7.17.3-windows-x86_64.
- Move the files to a folder such as E:\Program Files\kibana\7.17.3 and such that folder 7.17.3 contains subfolders bin, config and more.
Configure config\kibana.yml. Uncomment and adjust entries.
- Set server.port, for example: 5601. Or keep the comment, resulting in 5601 by default.
- Set server.host, for example: host-123.example.company.nl. This should be the network resolvable name of the server that runs Kibana. If omitted localhost applies. Typically the server name is used, allowing for remote use of Kibana.
- Set server.publicBaseUrl, for example to "http://server1.example.company.nl:5601"
- Set elasticsearch.hosts, for example ["https://server1.example.company.nl:9202"]. List one or more servers of the Elastic Search cluster, to be used for queries by Kibana.
If the Elastic Search cluster is secured with https additional configuration is required for Kibana. Still in config\kibana.yml:
- Set elasticsearch.ssl.certificateAuthorities: [ "../config/elasticsearch-ca.pem" ] such that Kibana acting as a client trusts the https certificate presented by Elastic Search.
- Set server.ssl.enabled: true such that Kibana acting as a server requires https for its client browsers.
- Set server.ssl.keystore.path: "../config/http.p12" to specify the certificate to present to client browsers. Hence the certificate used to access Elastic Search over https is reused for access of Kibana.
- Add the password of the client certificate to the keystore of Kibana. Command box, in kibana\7.17.3\bin: Run: kibana-keystore.bat add server.ssl.keystore.password and enter the client certificate password as created during the Elastic Search installation, see First installation. If the password cannot be added because the keystore is not yet available first run: kibana-keystore.bat create. The password must be typed and cannot be entered with copy and paste. Paste results in storage of an empty password and subsequently leads to hard-to-understand errors.
If the Elastic Search cluster requires credentials additional configuration is required for Kibana. Still in config\kibana.yml:
- Set elasticsearch.username, typically "kibana_system". This is the user name that Kibana uses for a login on Elastic Search.
- Do not use elasticsearch.password for the password. Instead add the pasword to the keystore. Run: kibana-keystore.bat add elasticsearch.password and enter the password as created when setting the passwords of system users, during the Elastic Search installation. Again type the password and do not use copy and paste.
Generate and add encryption keys.
- In the bin issue: kibana-encryption-keys.bat generate -i
- Issue y for all three encryption keys.
- Accept kibana.sample.yml.
- Transfer the three encryption keys including comments from kibana.sample.yml to kibana.yml. The tail of kibana.yml will be extended with something like:
#Used to encrypt stored objects such as dashboards and visualizations
#Used to encrypt saved reports
#Used to encrypt session information
- Start a command box, as administrator.
- Go to the bin folder and invoke kibana.bat.
- Inspect the feedback. Expect a message like Server running at https://server1.example.company.nl:5601.
- In a browser on a remote computer visit https://server1.example.company.nl:5601/. Expect the Kibana dashboard. Expect no certificate warnings, assuming that a public CA is used or a generated CA is used that is already installed on the client computer, see the Elastic Searchinstallation and test.
- Stop with Ctrl-C.
Install as a Windows service
Install and start Kibana as a Windows service.
- Obtain the service manager. Installation media include: Enterprise Search\R12.1\Service Manager\nssm-2.24.zip.
- Unpack the zip and obtain win64\nssm.exe. Copy this .exe to kibana\7.17.3\bin.
- Command box; go to folder bin. Run: nssm install Kibana
- Through the user interface:
- Path: E:\Program Files\kibana\7.17.3\bin\kibana.bat
- Startup (prefilled): C:\ProgramFiles\kibana\7.17.3\bin
- Dependencies: use the appropriate name: elasticsearch-service (unless installed on a distinct server)
- Install service
- nssm start Kibana
- sc failure Kibana actions=restart/60000/restart//reboot/ reset=86400
If Kibana serves on a non-local address allow incoming traffic.
- Add a firewall rule. Use an inbound port rule, specifying 5601 or specifying the selected port, for traffic over TCP. Name the rule, for example, Kibana - dashboard for Elastic Search.
Test using a browser.
- If Elastic Search runs on localhost: visit http://localhost:5601/. Expect the Kibana dashoard.
- If Elastic Search runs for a server url: perform the test from a browser on a remote system.
- Kibana login page remains empty: possibly Internet Explorer is used. The latest IE v11 is dated 2013 and is no longer supported by Kibana. Use another browser.
- Kibana login using kibana_system gives: You do not have permission to access the requested page. Use user elastic. User has less privilges, and for example lacks privilege read_security cluster.
- Kibana logging reports [status] Kibana is now degraded and, later [status] Kibana is now available (was degraded). The second message should be interrpreted as: was degraded and is no longer degraded, hence there is no issue.