Kibana is a visualization tool that is used for visualizing data (structured or non-structured) stored in Elasticsearch. Kibana acts an over-the-top layer of Elasticsearch which is used to search, view, analyze data, and create visualizations on the data that is stored in Elasticsearch indices. Kibana and Elasticsearch are Elastic products, but both use the Apache license, which uses the powerful capabilities of Elasticsearch (Lucene query syntax, aggregations) and is based on Apache Lucene. Kibana provides the ability to do analysis of data, visualize the data in forms of different charts such as the Area Chart, Line Chart, Bar Chart, Pie Chart, Tile map,Metrics, and Data table, and create dashboards that can even be shared or embedded. Dashboards provide a unified way to showcase all your visualizations in one place. All the searches/visualization/dashboard are stored as JSON and the underlying has JSON documents. The JSON files for searches/visualization/dashboards...

The Discover page helps you to play around with the data by easily analyzing the indexed documents. It allows you to perform different types of searches on the data, helping you to understand what the data means or how the data can be used to create visualizations. It provides the ability to choose different index names by changing the index pattern without leaving the Discover page. You can easily perform search queries, use filters, and view documents matching the queries and filters.

A Discover page interface typically looks like the following:

The Discover page uses the following components:

This is used to drill down the data based on time. It provides the flexibility to search/query/filter the data on any time period as required. It makes it easier to analyze data of a specific time period or customize the time period as per the requirement. It also provides various options for setting the Time Filter.

Upon clicking on the Time Filter, we can find various sub-options as mentioned in the following sections.

The search box is used to perform various types of queries that fetch the matching documents. Upon searching, the whole Discover page along with its components gets automatically refreshed. Kibana uses the underlying powerful capabilities of Lucene query syntax using the data that is queried. As Kibana utilizes the functionality of the underlying Elasticsearch, Lucene queries provide the ability to perform various types of searches ranging from simple to complex queries.

Lucene queries provide a number of ways to search data. Let's look at these one by one.

The field list is used to provide the list of all the fields that are used in the data. It is useful in analyzing the dataset to learn what the fields are and what type of information the field contains. Fields are categorized under selected fields and available fields wherein the name of each field is arranged in alphabetical order.

It also provides the option of knowing about the data present in the field, the top five values of the field, and its percentage breakdown for the documents containing the value. Such information is available by clicking on any of the fields from the Fields List. Also you can add the fields to view the data of that field for all the documents by clicking on Add, which is present beside the field name. It will move the field name under selected fields, which will provide you with the information of the values present in the field.

In the toolbar along with the search bar, there are other options, such as:

Visualization is the heart of Kibana and it is one of the sole reasons behind the creation of Kibana to provide users the capability to visualize large volumes of data. As the adoption of Elasticsearch and Logstash was increasing day by day, the ability to directly visualize data stored in Elasticsearch was missing and users were unable to make sense of the data. Then came the savior, Kibana, which solved the problem and provided a simple yet intuitive interface. It solved the challenge of visualizing huge volumes of data in near real time. It is the core component that makes Kibana a functionally rich open source software.

The Visualize page helps to visualize all the data that has been stored in Elasticsearch. After understanding the data using the Discover page, the Visualize page takes it a step further and provides the ability to build visualizations with ease. Visualizations help to understand the data instead of going through tons of raw data, which...

Dashboard provides a unified view of displaying all your visualization in one place. Dashboard provides a collection of multiple visualizations or searches that can be arranged in any way and it allows the ability to resize, move, edit, or remove any visualization added to the dashboard. The dashboard provides real time insights to the streaming data as all visualizations are updated in the dashboard in real time. Updating the visualization reflects instantly across the dashboards using that visualization. Dashboard also provides the ability to use search queries that update the visualizations present in the dashboard as per the search result.

The Dashboard page interface typically looks like the following screenshot:

The Dashboard interface is fairly simple to understand as it displays the main Kibana header, which is the same across all pages in Kibana that contain the Time Filter.

The...

Timelion is the latest addition to the Kibana UI with the introduction of Elastic Stack. Timelion is used for analysis and visualizations of time-series data. It provides the ability to combine multiple data sources into a single visualization and gives a range of mathematical calculations that can be used, such as cumulative sum, derivative, moving averages, and so on.

Timelion is present in the left-pane of the Kibana UI between icons of Dashboard and Dev Tools. It has its own language and expressions when using it, which makes it difficult to start with. However, it has a great built-in documentation and tutorial to guide you on how to start using Timelion.

When you click on Timelion, you will be greeted with a screen similar to the following screenshot:

In the preceding screenshot, you see that there has been a default expression that has already been added, .es(*),which means it is querying all the data present in Elasticsearch within all the indices. It represents...

Dev Tools refers to the development tools that aid the developer. In Kibana, it is used for the Console UI, which provides a simple yet clean interface to access API queries using the REST API exposed by the Elasticsearch client. Console allows us to make any API call from a web browser. Its interface gives us a clean way to make a call and generates JSON in a pretty print format, which allows you to view results in a neat way. It works on top of an HTTP layer of an Elasticsearch cluster.

Upon clicking Dev Tools, you will be greeted with the Console UI, as shown in the following screenshot:

For a better understanding all of the available options are marked in the screenshot from number 1 to 7, which are described this section:

Settings provide a way to customize and tweak various Kibana related properties.

This page has been categorized into multiple options to understand the various settings involved with each of the options. The options are displayed as shown in the following screenshot:

Let us have a closer look at the various settings provided by each of the options.

After learning about Elasticsearch, Logstash, and Kibana, let's use these components to create an end-to-end pipeline to parse data from Logstash to Elasticsearch and visualize it using Kibana. We will use a CSV file as input data, which will be used to analyze and create visualizations out of the data.

This will help us to quickly get started by using all the three components together to create an end-to-end pipeline. While using this example in this chapter, we assume that you have successfully installed Elasticsearch, Logstash, and Kibana as described in Chapter 1, Elastic Stack Overview.

Let's have a look at the input data.

In this chapter, we learned about Kibana, its interfaces, and got a glimpse of what it is capable of. Using examples, we created several types of visualizations to analyze the data. Kibana is becoming very popular among analytics tools these days for its offerings. We will be learning more in the following chapters where we will see the real-time datasets, log analysis on production servers, and so on.

In the next chapter, we will learn about Beats, which is a new component of Elastic Stack. We will see the types of Beats, their usage, and the role they play in Elastic Stack with examples.