How Kibana Works in ELK Stack


Here we are going to discuss how Kibana works in the ELK stack. But, first, we need to understand the ELK stack.

The ELK stack combines three open-source tools for log analysis: ElasticSearch, Logstash, and Kibana. Logs are one of the most important pieces of data. Kibana uses the faceted queries provided by ElasticSearch to create tables, histograms, pie charts, and maps with geo points.

ElasticSearch: An open-source search engine based on Apache Lucene and developed in Java. It is a database that holds a company's data and allows analysis and searches on that data. It stores data in the form of indexes.

Logstash: Logstash is responsible for getting data from multiple sources into the appropriate index.

Kibana: Kibana is the most integral part, because ElasticSearch can do searches and analysis but does not have a UI. Kibana is the tool that provides the user interface to the ELK stack. The user searches in Kibana, and Kibana searches ElasticSearch for that particular data. It is also helpful for log and time-series analytics, application monitoring, and operational intelligence.

Roles of Kibana in ELK

  • Enables users to perform searching and interaction with data in ElasticSearch.
  • Allows performing advanced analytics and helps users create reports based on the data, create a dashboard of those reports, and share them with others.
  • Enables the creation and sharing of dynamic dashboards that are updated in real time. Data can arrive in real time from various sources into ElasticSearch with the help of Logstash, and whatever reports are on the dashboard are updated with the newest data coming in. Kibana is a web-based tool accessed over localhost.

Companies using Kibana

A lot of popular companies are using Kibana, such as:

  • LinkedIn
  • StackOverflow
  • Netflix
  • Accenture
  • HipChat

Kibana Dashboards

In the ELK stack, Kibana allows us to create visualizations and analyses; the dashboards are just JSON documents. There are two ways to design a dashboard in Kibana: storing these JSON documents in ElasticSearch, or creating a template, i.e., a JSON document based on a specific schema. By default, each dashboard can consist of the following items: services, rows, panels, and index. The services can be reused across different panels simultaneously. The rows item is the object that contains all rows together with their panels. Users can freely add multiple panels to their dashboards according to their needs, such as a table, histogram, terms, text, map, etc.

Kibana supports creating dashboards dynamically via templates and advanced scripts. This lets users create a base dashboard and then influence it with parameters. Templates and scripts must be stored on disk, and they must be created by editing or creating a schema.
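Because a dashboard is only a JSON document, a template kept on disk can be reviewed before it is loaded. The following is an added example, not code from the original article or from Kibana: it assumes top-level `services`, `rows` and `index` keys, a `panels` list inside each row and a `type` field on each panel, and it runs over a constructed sample document.

```python
import json
from collections import Counter

# Layout assumed from the article: top-level "services", "rows" and "index";
# each row carries a "panels" list and each panel a "type" (assumption).
TOP_LEVEL_ITEMS = ("services", "rows", "index")
KNOWN_PANEL_TYPES = {"table", "histogram", "terms", "text", "map"}

# Constructed sample dashboard document (not exported from a real Kibana).
SAMPLE_DASHBOARD = """
{
  "title": "Web server logs",
  "services": {"query": {}, "filter": {}},
  "index": {"pattern": "logstash-*"},
  "rows": [
    {"title": "Traffic", "panels": [{"type": "histogram"}, {"type": "map"}]},
    {"title": "Events",  "panels": [{"type": "table"}, {"type": "custom"}]},
    {"title": "Empty row"}
  ]
}
"""

def audit_dashboard(raw):
    """Summarise a dashboard JSON document for review before it is loaded."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("dashboard must be a JSON object")
    report = {
        "missing_items": [k for k in TOP_LEVEL_ITEMS if k not in doc],
        "panel_types": Counter(),
        "unknown_panels": [],        # (row title, panel type) outside the known list
        "rows_without_panels": [],
    }
    rows = doc.get("rows", [])
    for i, row in enumerate(rows if isinstance(rows, list) else []):
        name = row.get("title", f"row {i}")
        panels = row.get("panels") or []
        if not panels:
            report["rows_without_panels"].append(name)
        for panel in panels:
            ptype = panel.get("type", "<no type>")
            report["panel_types"][ptype] += 1
            if ptype not in KNOWN_PANEL_TYPES:
                report["unknown_panels"].append((name, ptype))
    return report

if __name__ == "__main__":
    for key, value in audit_dashboard(SAMPLE_DASHBOARD).items():
        print(f"{key}: {value}")
```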


Kibana Custom Dashboard Creating Drilldowns

Custom dashboard actions, or Drilldowns, allow us to create workflows for analyzing and troubleshooting our data. A Drilldown applies only to the panel the user created it from and is not shared across all panels. Each panel can have multiple Drilldowns. Kibana supports dashboard and URL Drilldowns.

Dashboard Drilldowns

A Dashboard Drilldown allows us to open a dashboard from another dashboard, carrying over the time range, filters, and other parameters so that we remain in the same context. For example, suppose a user wants to show the overall status of multiple data centers. In that case, they can create a Drilldown that navigates from the overall status dashboard to a dashboard that shows a single data center.

URL Drilldowns

Using URL Drilldowns, the user can navigate from a dashboard to an internal or external URL. For example, suppose a user has a dashboard that shows data from a GitHub repository and wants to create a dynamic URL Drilldown. In that case, they can create a URL Drilldown that opens GitHub from the dashboard panel.

Author: SVCIT Editorial

Copyright Silicon Valley Cloud IT, LLC.
