Kibana

Kibana is the default visualization tool for data in Elasticsearch. It also serves as a user interface for the Open Distro for Elasticsearch Security and Alerting plugins.

Run Kibana using Docker

You can start Kibana using docker run after creating a Docker network and starting Elasticsearch, but the process of connecting Kibana to Elasticsearch is significantly easier with a Docker Compose file.

  1. Run docker pull amazon/opendistro-for-elasticsearch-kibana:1.2.0.

  2. Create a docker-compose.yml file appropriate for your environment. A sample file that includes Kibana is available on the Open Distro for Elasticsearch Docker installation page.

    Just like elasticsearch.yml, you can pass a custom kibana.yml to the container in the Docker Compose file.

  3. Run docker-compose up.

    Wait for the containers to start. Then see Get started with Kibana.

  4. When finished, run docker-compose down.

Run Kibana using the RPM or Debian package

  1. If you haven’t already, add the yum repositories specified in steps 1–2 in RPM or the apt repositories in steps 2–3 of Debian package.
  2. sudo yum install opendistroforelasticsearch-kibana or sudo apt install opendistroforelasticsearch-kibana
  3. Modify /etc/kibana/kibana.yml to use elasticsearch.hosts rather than elasticsearch.url.
  4. sudo systemctl start kibana.service
  5. To stop Kibana:

    sudo systemctl stop kibana.service
    

Configuration

To run Kibana when the system starts:

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service

You can also modify the values in /etc/kibana/kibana.yml.

Get started with Kibana

  1. After starting Kibana, you can access it at port 5601. For example, http://localhost:5601
  2. Log in with the default username admin and password admin.
  3. Choose Try our sample data and add the sample flight data.
  4. Choose Discover and search for a few flights.
  5. Choose Dashboard, [Flights] Global Flight Dashboard, and wait for the dashboard to load.