Master Kibana: From Installation to Advanced Data Visualization

What is Kibana?

Kibana is an open‑source analytics and visualization platform designed to work with Elasticsearch. It enables searching, viewing, and interacting with data stored in Elasticsearch indices, offering advanced analysis and visualizations such as charts, tables, and maps.

1. Install Kibana

Download the appropriate package from the official site and follow the installation instructions. After installation, start the Kibana service.

2. Configure Kibana

Edit kibana.yml to set the Elasticsearch URL if it differs from the default http://localhost:9200, then restart Kibana.

3. Access Kibana

Kibana runs as a web application accessible at http://localhost:5601 (or your domain). The Discover page loads with a default index pattern and a time filter set to the last 15 minutes.

3.1 Check Kibana status

Visit http://localhost:5601/status or http://<em>host</em>:5601/api/status for JSON status information.

4. Connect Elasticsearch to Kibana

On first access, Kibana prompts you to define an index pattern that matches one or more Elasticsearch indices. Adjust kibana.yml if you need to point to a remote Elasticsearch instance, then restart Kibana.

5. Discover

The Discover page lets you explore data interactively. You can query, filter, and view document counts, field statistics, and time‑based histograms when a time field is present.

5.1 Set time filter

5.2 Search data

Enter queries in the search bar using either the Kibana Lucene‑based query language or the full Elasticsearch DSL. Autocomplete and simplified syntax are available.

Results update histograms, document tables, and field lists. The table shows the first 500 hits, sorted by time descending by default.

5.2.1 Lucene query syntax

Simple text search: safari Field‑specific search: status:200 Range search: status:[400 TO 499] Boolean operators:

status:[400 TO 499] AND (extension:php OR extension:html)

5.2.2 Enhanced Kibana query syntax

New syntax removes the need for spaces as delimiters and requires explicit boolean operators. Examples: response:200 matches documents where response equals 200. message:"Quick brown fox" searches the exact phrase. response:200 AND extension:php combines conditions. response:(200 OR 404) matches either value. not response:200 excludes 200 responses.

5.2.3 Refresh results

Use the refresh button to reload the latest data.

5.3 Filter by fields

5.4 View document data

5.5 View document context

5.6 Field statistics

6. Visualize

Visualize creates charts based on Elasticsearch aggregations. You can build dashboards to display multiple visualizations.

6.1 Create a visualization

Click the Visualize button in the left navigation.

Select “Create new visualization” or the plus (+) button.

Choose a visualization type.

Define a search query to retrieve data.

Select Y‑axis aggregation (e.g., sum, average, count).

Configure the X‑axis.

For more details see the official Kibana visualization guide.

7. Dashboard

Dashboards combine visualizations and saved searches. You can arrange, edit, and share them.

7.1 Build a dashboard

Click Dashboard in the navigation bar.

Select “Create new dashboard” or the plus (+) button.

Click Add to insert visualizations or saved searches.

Save the dashboard with a name.

8. Monitoring

Kibana also provides monitoring views for Elasticsearch and Kibana logs.

[2018-08-15T14:48:26,874][INFO][o.e.c.m.MetaDataCreateIndexService] [Px524Ts] [.monitoring‑kibana‑6‑2018.08.15] creating index, cause [auto(bulk api)], templates [.monitoring‑kibana], shards [1]/[0], mappings [doc]

log   [03:26:53.605] [info][license][xpack] Imported license information from Elasticsearch for the [monitoring] cluster: mode: basic | status: active