Master Kibana: Install, Configure, and Visualize Elasticsearch Data Efficiently

Kibana is an open‑source analytics and visualization platform designed to work with Elasticsearch.

Install Kibana

Download and install Kibana, then start the service. Access the web UI via http://localhost:5601 or http://YOURDOMAIN.com:5601.

Kibana Configuration

Configuration options are documented at Kibana Settings . Adjust kibana.yml to point to your Elasticsearch instance and restart Kibana if needed.

Access Kibana

Kibana runs as a web application on port 5601. The default Discover page loads the default index pattern with a time filter set to the last 15 minutes and a match‑all query.

Check Kibana status

Visit http://localhost:5601/status or http://192.168.101.5:5601/api/status for JSON status information.

Connect Elasticsearch to Kibana

When you first open Kibana, you are prompted to define an index pattern that matches one or more Elasticsearch indices.

Visit the Kibana UI (e.g., localhost:5601).

Enter an index pattern that matches your indices.

Choose the time‑field option if your data is time‑based, otherwise select “I don’t want to use the Time Filter”.

Click “Create index pattern”. The first pattern becomes the default.

Discover

The Discover page lets you interactively explore your data, view documents, run queries, filter results, and see field statistics. If the index pattern includes a time field, a histogram of document distribution appears at the top.

Set Time Filter

Search Data

Enter queries in the search bar using Kibana’s Lucene‑based query language or the full Elasticsearch DSL JSON. Results update the histogram, document table, and field list in real time.

Lucene Query Syntax

Simple text search: "safari" Field‑specific search: status:200 Range search: status:[400 TO 499] Boolean logic:

status:[400 TO 499] AND (extension:php OR extension:html)

Enhanced Query Syntax

New syntax simplifies queries, e.g., response:200 matches documents where the response field equals 200. Phrase search uses quotes, and boolean operators are case‑insensitive with AND having higher precedence than OR. Parentheses can override precedence.

, >=, <, <= are all valid operators.

Wildcard queries are supported, e.g., machine.os:win* matches windows 7 and windows 10. Multiple fields can be queried simultaneously.

Refresh Results

Filter by Field

Visualize

Visualize lets you create charts based on Elasticsearch queries and add them to dashboards.

Create a Visualization

Click the “Visualize” navigation button.

Click “Create new visualization” or the (+) button.

Select a visualization type.

Specify a search query.

Choose an aggregation for the Y‑axis (e.g., sum, average, count).

Configure the X‑axis.

Dashboard

Dashboards display a collection of visualizations and saved searches. You can arrange, edit, and share them.

Build a Dashboard

Click “Dashboard” in the navigation bar.

Click “Create new dashboard” or the plus (+) button.

Click “Add” and choose an existing visualization or create a new one.

Add saved searches if needed.

Save the dashboard with a name.

Switch between light and dark themes via the options menu; set the dark theme as default in Management → Advanced.

Monitoring

Elasticsearch and Kibana both provide log output for monitoring.

[2018-08-15T14:48:26,874][INFO ][o.e.c.m.MetaDataCreateIndexService] [Px524Ts] [.monitoring-kibana-6-2018.08.15] creating index, cause [auto(bulk api)], templates [.monitoring-kibana], shards [1]/[0], mappings [doc]

log   [03:26:53.605] [info][license][xpack] Imported license information from Elasticsearch for the [monitoring] cluster: mode: basic | status: active