You want to unleash the full power of Kibana and be able to craft some beautiful dashboards from your logs. Rest assured, you have come to the right place. Kibana is a powerful weapon, and the knowledge you are about to read requires that you have reached a certain level (but way below 9000) in your understanding of Logs Data Platform.
This is what you need to know to get started:
- You are already sending logs to a stream you own: see the quick start tutorial.
- You have ordered the Kibana pack option.
- You have access to port 9200 on your cluster (head to the About page in the manager to find the address of your cluster).
After some training you will be able to build this kind of dashboard:
Set up your Kibana index
Kibana requires an index in which to store your dashboards and other settings. To create it in our Elasticsearch cluster:
- Sign in to your manager.
- In the Dedicated Indices section, click on Add a new Index.
- Fill in a new suffix and a description. Your index will be prefixed with username-i, where username is your current username.
- Attach the index to your Kibana Pack and click on Create this index.
That was easy, right? If you are not too tired, proceed with the next section.
Select your Stream Alias
To access your logs from Kibana, you will need to set up an Elasticsearch alias and link it to your Graylog streams, so here we go again:
- Go back to your manager.
- In the alias panel, click on the Add a new alias button.
- Choose a name and define a description for your alias.
- Save the entry by clicking the floppy disk button.
- Once the alias has been created, use the ... menu at the right and select the Link the alias to a Stream option.
- Define there the Graylog streams you want to associate with your alias.
- That's it.
So here you go, now Logs Data Platform knows which stream you want to browse. Now let's configure Kibana and see if it works!
Set up your own Kibana
Get the latest Kibana 5.6.X for Elasticsearch 5.6 here https://www.elastic.co/downloads/kibana (5.6.3 at the time of writing). Here are some direct links for your convenience.
Unzip the archive anywhere on your machine. To configure Kibana, edit config/kibana.yml and set the following properties. Don't forget to replace the Kibana index with the one you created in the first part. Similarly, update the username and password to the ones you use to connect to Graylog:
```yaml
server.port: 5601

# The host to bind the server to.
server.host: "localhost"

# The Elasticsearch instance to use for all your queries.
elasticsearch.url: "https://<your_cluster>.logs.ovh.com:9200"

# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
# then the host you use to connect to *this* Kibana instance will be sent.
elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations
# and dashboards. It will create a new index if it doesn't already exist.
kibana.index: "username-i-index"

# If your Elasticsearch is protected with basic auth, these are the user credentials
# used by the Kibana server to perform maintenance on the kibana_index at startup. Your Kibana
# users will still need to authenticate with Elasticsearch (which is proxied through
# the Kibana server)
elasticsearch.username: "logs-XXXXX"
elasticsearch.password: "YOUR_GRAYLOG_PASSWORD"
```
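A pre-start check for the file above, added here as an example and not part of the original guide: it flags a non-loopback server.host, a non-HTTPS elasticsearch.url, a leftover placeholder password and loose permissions on a file that stores a password. The function names and the sample config are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample: non-loopback bind, plain http, placeholder password left in.
SAMPLE = '''\
server.host: "0.0.0.0"
elasticsearch.url: "http://<your_cluster>.logs.ovh.com:9200"
elasticsearch.username: "logs-XXXXX"
elasticsearch.password: "YOUR_GRAYLOG_PASSWORD"
'''

def parse_flat_yaml(text):
    """Parse the flat `key: value` lines used in kibana.yml (no nesting)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_kibana_config(path):
    """Return a list of findings for the kibana.yml at `path`."""
    with open(path, encoding="utf-8") as fh:
        cfg = parse_flat_yaml(fh.read())
    findings = []
    if cfg.get("server.host", "localhost") not in ("localhost", "127.0.0.1", "::1"):
        findings.append("server.host is not loopback: Kibana listens beyond this machine")
    if not cfg.get("elasticsearch.url", "").startswith("https://"):
        findings.append("elasticsearch.url is not https: credentials would travel unencrypted")
    if cfg.get("elasticsearch.password") in (None, "", "YOUR_GRAYLOG_PASSWORD"):
        findings.append("elasticsearch.password is missing or still the placeholder")
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file holds a password but is accessible to group/others: chmod 600")
    return findings

def audit_text(text, mode=0o600):
    """Write `text` to a temporary kibana.yml with permissions `mode`, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "kibana.yml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit_kibana_config(path)

if __name__ == "__main__":
    for finding in audit_text(SAMPLE, mode=0o644):
        print("WARN:", finding)
```

On a real install, call `audit_kibana_config("config/kibana.yml")` before running bin/kibana; the permission check assumes a POSIX file system.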
If everything is set up properly, you should be able to start it by calling bin/kibana. Launch your favorite browser and point it to http://localhost:5601. On the first page, for Index name or pattern, enter the full name of your alias (logs-XXXXX-a-XXXXX). Choose timestamp for the time field name, then click on the Discover tab to read your log entries.
If you want to know what you can do with Kibana, you can fly to the very good Elastic documentation.