Getting Started with Kibana

Accessing Kibana

Open your browser and navigate to your Kibana instance:

Local installation: http://localhost:5601
Cloud deployment: https://your-deployment.kb.elastic.cloud

First Login

If security is enabled, you'll see a login screen:

Default credentials (local dev):

  • Username: elastic
  • Password: Generated during Elasticsearch setup (check console output)

Cloud deployment: Use credentials provided when you created your deployment.

The Kibana Interface

Kibana's interface consists of several key areas:

┌────────────────────────────────────────────────────┐
│  [☰] Kibana Logo         Search...     [👤] [⚙️]   │  ← Header
├──────┬─────────────────────────────────────────────┤
│      │                                             │
│  📊  │                                             │
│  🔍  │          Main Content Area                  │
│  📈  │                                             │
│  🛠️  │                                             │
│      │                                             │
│      │                                             │
└──────┴─────────────────────────────────────────────┘
   ↑
Navigation
  Menu

1. Header Bar

Located at the top:

  • Hamburger menu (☰): Toggle navigation sidebar
  • Search bar: Quick search across Kibana objects
  • User icon (👤): Account settings, logout
  • Settings icon (⚙️): Global settings, theme switcher

2. Navigation Menu (Left Sidebar)

The main navigation is organized into sections:

Analytics

  • Discover: Explore and search data
  • Dashboard: View and create dashboards
  • Visualize Library: Manage visualizations
  • Canvas: Create pixel-perfect presentations
  • Maps: Geographic data visualization
  • Graph: Explore relationships in data
  • Machine Learning: Anomaly detection and forecasting

Observability

  • Overview: Observability summary
  • Alerts: Manage alerts and rules
  • APM: Application Performance Monitoring
  • Uptime: Website and service monitoring
  • Logs: Log aggregation and analysis
  • Metrics: Infrastructure metrics
  • Service Maps: Visualize service dependencies

Security

  • Overview: Security posture
  • Alerts: Security alerts and detections
  • Timelines: Investigation workspace
  • Cases: Incident management

Management

  • Stack Management: Configure Elasticsearch and Kibana
    • Index Patterns/Data Views
    • Saved Objects
    • Index Management
    • Alerting and Actions
    • Advanced Settings

3. Main Content Area

The central area where you work with data, create visualizations, or configure settings.

Understanding Kibana Spaces

Kibana Spaces allow you to organize your dashboards, visualizations, and other saved objects into separate areas.

What are Spaces?

Think of Spaces as isolated environments within Kibana:

┌─────────────────────────────────────────────┐
│              Kibana Instance                │
├─────────────────────────────────────────────┤
│  📁 Default Space                           │
│     - Marketing Dashboards                  │
│     - Sales Visualizations                  │
│                                             │
│  📁 Development Space                       │
│     - Test Dashboards                       │
│     - Debug Visualizations                  │
│                                             │
│  📁 Production Space                        │
│     - Live Monitoring                       │
│     - Production Alerts                     │
└─────────────────────────────────────────────┘

Creating a Space

  1. Go to Stack Management → Kibana → Spaces
  2. Click "Create a space"
  3. Fill in details:
    • Name: "Development"
    • Identifier: "dev" (used in URLs)
    • Description: "Development and testing"
    • Color: Choose an identifier color
  4. Click "Create space"

Switching Spaces

  • Click the space selector in the header (left of search bar)
  • Choose the space you want to switch to

Adding Sample Data

Sample data is the fastest way to start learning Kibana.

Steps to Add Sample Data

  1. From the home page, click "Try sample data"

  2. You'll see three options:

    Sample eCommerce Orders

    • E-commerce transactions
    • Customer behavior analysis
    • Sales metrics

    Sample Flight Data

    • Flight routes and delays
    • Geographic visualization
    • Time-based analysis

    Sample Web Logs

    • Web server access logs
    • Traffic analysis
    • HTTP status codes
  3. For each dataset, click "Add data"

  4. Click "View data" to see the pre-built dashboard

What Gets Installed

Each sample dataset includes:

  • Index with sample documents (~4,000-5,000 records)
  • Index pattern (data view) for the index
  • Pre-built dashboard showing key insights
  • Visualizations used in the dashboard
  • Canvas workpad (for eCommerce data)

Example: Sample eCommerce Orders creates:

kibana_sample_data_ecommerce (index)
├── Dashboard: [eCommerce] Revenue Dashboard
├── Visualizations:
│   ├── [eCommerce] Sales by Category
│   ├── [eCommerce] Revenue Over Time
│   ├── [eCommerce] Top Products
│   └── ... (8 more)
└── Canvas: [eCommerce] Order Details

Exploring the Sample Dashboard

Let's explore the eCommerce dashboard:

1. Open the Dashboard

  • Go to Dashboard in the navigation menu
  • Click "[eCommerce] Revenue Dashboard"

2. Dashboard Components

You'll see several panels:

Metric Panels (top)

  • Total Revenue
  • Average Order Value
  • Total Sold Quantity
  • Total Orders

Visualizations (below)

  • Sales by category (pie chart)
  • Sales over time (line graph)
  • Top selling products (bar chart)
  • Revenue by region (map)
  • Orders by day of week (heat map)

3. Interactive Features

Time Picker (top right)

Last 15 minutes | Last 30 minutes | Last 1 hour | ...

Try changing the time range:

  1. Click the time picker
  2. Select "Last 7 days"
  3. Watch the dashboard update

Filters (top)

Add a filter:

  1. Click "+ Add filter"
  2. Field: category
  3. Operator: is
  4. Value: Men's Clothing
  5. Click "Save"

The dashboard now shows only men's clothing data!

Drill-Down (click on visualizations)

  1. Click on a pie slice in the category chart
  2. Notice a filter is automatically added
  3. All panels update to show filtered data
  4. Remove filter by clicking the X on the filter badge

4. Saving a Filtered View

Create your own view:

  1. Apply some filters
  2. Change the time range
  3. Click "Save" in the top menu
  4. Choose "Save as new dashboard"
  5. Give it a name: "My Custom View"
  6. Click "Save"

Understanding Index Patterns (Data Views)

Before exploring data, understand how Kibana connects to Elasticsearch.

What is an Index Pattern?

An index pattern (called a data view in Kibana 8.x) tells Kibana which Elasticsearch indices to query.

Elasticsearch Indices:
- logs-2024-01-01
- logs-2024-01-02
- logs-2024-01-03

Index Pattern: logs-*
(Matches all three indices)
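
The matching shown above, as an added example that is not part of the original page. It is a simplified model of how a data view pattern selects indices, and it goes beyond the single `logs-*` case to cover the comma-separated lists and `-` exclusions that Elasticsearch index expressions also accept. The function name `resolve_pattern` and the index list are constructed for illustration.

```python
import re


def _to_regex(expr):
    # Only `*` is a wildcard here; every other character is matched literally.
    return re.compile(".*".join(re.escape(part) for part in expr.split("*")))


def resolve_pattern(pattern, indices):
    """Return the index names a data view pattern selects (simplified model).

    Expressions are applied left to right: a plain expression adds every
    matching index, an expression starting with `-` removes matches that
    earlier expressions added.
    """
    selected = []
    for expr in (e.strip() for e in pattern.split(",")):
        if not expr:
            continue
        exclude = expr.startswith("-")
        rx = _to_regex(expr[1:] if exclude else expr)
        if exclude:
            selected = [n for n in selected if not rx.fullmatch(n)]
        else:
            selected += [n for n in indices
                         if rx.fullmatch(n) and n not in selected]
    return selected


# Constructed index names (not taken from a real cluster).
INDICES = [
    "logs-2024-01-01", "logs-2024-01-02", "logs-2024-01-03",
    "logs-audit-2024-01-01", "kibana_sample_data_logs", "metrics-2024-01-01",
]

if __name__ == "__main__":
    for p in ("logs-*", "logs-*,-logs-audit-*", "*logs*"):
        print(f"{p:24} -> {resolve_pattern(p, INDICES)}")
```

Running it shows that `logs-*` also picks up `logs-audit-2024-01-01`, so a data view can expose more indices than the three you had in mind unless the pattern is narrowed or an exclusion is added.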

Viewing Existing Data Views

  1. Go to Stack Management → Kibana → Data Views
  2. You'll see data views for sample data:
    • kibana_sample_data_ecommerce
    • kibana_sample_data_flights
    • kibana_sample_data_logs

Anatomy of a Data View

Click on a data view to see its configuration:

  • Name: Display name in Kibana
  • Index pattern: Pattern matching indices (e.g., logs-*)
  • Time field: Field used for time-based queries
  • Fields list: All fields available in the matched indices
    • Field name
    • Field type (string, number, date, etc.)
    • Searchable/Aggregatable status

Basic Navigation Patterns

Opening Multiple Tabs

Kibana supports browser tabs. Open multiple views:

  1. Right-click a dashboard → "Open in new tab"
  2. Work on a visualization while referencing a dashboard
  3. Compare different time ranges side-by-side

Using Breadcrumbs

Track your location:

Dashboards > [eCommerce] Revenue Dashboard > Edit

Click breadcrumbs to navigate back to previous levels.

Keyboard Shortcuts

Speed up your workflow:

Shortcut        Action
/               Focus search bar
Ctrl/Cmd + K    Open command palette
Ctrl/Cmd + /    Toggle navigation menu
Esc             Close modal/dialog

Search Bar (Global)

The search bar in the header lets you quickly find saved objects:

Type: "revenue"
Results:
- [eCommerce] Revenue Dashboard
- [eCommerce] Revenue Over Time (visualization)

Click a result to open it immediately.

Customizing Your Experience

Changing Theme

  1. Click user icon (👤) in header
  2. Select "Dark mode" or "Light mode"
  3. Kibana immediately applies the change

Setting Default Index Pattern

  1. Go to Stack Management → Kibana → Advanced Settings
  2. Search for defaultIndex
  3. Select your preferred default data view
  4. Click "Save"

Language and Region

  1. Go to Stack Management → Kibana → Advanced Settings
  2. Search for dateFormat
  3. Customize date format: MMM D, YYYY @ HH:mm:ss.SSS
  4. Adjust timezone settings if needed

Common UI Patterns

Save/Cancel Buttons

Most screens have action buttons in the top-right:

  • Save: Persist changes
  • Save and return: Save and go back
  • Cancel: Discard changes

Filter Pills

Filters appear as colored pills:

[🔍 category: "Men's Clothing"] [✕]
[🔍 geoip.country_iso_code: "US"] [✕]

  • Click the X to remove
  • Click the pill to edit or disable temporarily
  • Drag to reorder (affects query performance)

Action Buttons (...)

Three-dot menus provide contextual actions:

On dashboards:

  • Edit
  • Clone
  • Delete
  • Export
  • Share

On visualizations:

  • Inspect
  • Copy as cURL
  • Download as CSV

Tips for New Users

Start with Sample Data

Don't jump into your own data immediately. Use sample data to:

  • Learn the interface
  • Understand capabilities
  • Test queries safely
  • Build confidence

Explore, Don't Fear

Kibana is non-destructive to your data:

  • Visualizations don't modify source data
  • Dashboards are just saved views
  • You can't break Elasticsearch from Kibana UI
  • Deleted objects can be recovered (if backed up)

Use the Documentation

Kibana has excellent in-app help:

  • Look for ? icons for contextual help
  • Click "Help" links in any section
  • Most fields have tooltip explanations

Save Your Work Frequently

Until you're comfortable:

  • Save dashboard changes often
  • Clone before making major edits
  • Export important dashboards as backup

Common Beginner Questions

Q: Why can't I see any data in Discover?
A: Check your time range. Default is "Last 15 minutes" - your data might be older.

Q: What's the difference between a visualization and a dashboard?
A: A visualization is a single chart/graph. A dashboard is a collection of multiple visualizations.

Q: Can I delete sample data?
A: Yes! Go to home → Sample data → "Remove" for each dataset.

Q: How do I know what data I have?
A: Go to Stack Management → Index Management to see all indices and their document counts.

Q: Why do some fields say "not aggregatable"?
A: Text fields analyzed for full-text search can't be aggregated. Use the .keyword version instead.

Next Steps

Now that you're comfortable with the interface:

  1. Chapter 3 (Discover): Learn to explore and search data
  2. Chapter 4 (Visualizations): Create your first charts
  3. Chapter 5 (Dashboards): Build full dashboards

Summary

In this chapter, you learned:

  • ✅ How to navigate the Kibana interface
  • ✅ How to use Spaces for organization
  • ✅ How to add and explore sample data
  • ✅ What index patterns/data views are
  • ✅ Basic navigation and customization
  • ✅ Common UI patterns and shortcuts

You're now ready to start exploring data in depth!