Grafana hide query from user - elasticsearch

I am trying to build a Grafana dashboard with an Elastic data source, but when I view the network traffic I see that the browser goes directly to the Elastic DB. This means that a user who wanted to could change the query and get whatever data they want. I want to be able to limit the data to this specific user.
I was thinking of limiting it with a filter for the specific user but am open to suggestions.

After rifling through the Grafana forum I found this:
https://community.grafana.com/t/grafana-templating-by-logged-in-user/1724
So apparently it's not possible.

Related

Where can we create queries in Kibana dashboard

If we need to create queries in a Kibana dashboard without making any codebase change, where can we do it? Is there any place to create queries in Kibana? Please tell me if anyone knows that place, because I have a big problem in our project: creating a dashboard for the logs.
See either https://www.elastic.co/guide/en/kibana/current/kuery-query.html or https://www.elastic.co/guide/en/kibana/current/lucene-query.html
and https://www.elastic.co/guide/en/kibana/current/save-load-delete-query.html may also be relevant.

Open Kibana Console with queries from JSON file?

Is it possible to save a bunch of queries into a single JSON file to import in Kibana Console?
I know there's an option to save a single query[2] and the Kibana console is based on local storage, but I would like to load up the queries based on parameters, such that changing the params (e.g. load_from=filename.json) should load up a different set of queries.
For example, when I open http://localhost:5601/app/kibana#/dev_tools/console?load_from=filename.json, it should open the Kibana console with ES queries from the file.
EDIT: As a workaround, it's possible to do this with Postman API Client or similar API clients.
Solution:
EDIT 2 on 22/02/2022: Kibana Spaces is the answer. It lets you organize dashboards and other saved objects into meaningful categories[3]. Whenever you load http://localhost:5601/ it lets you choose the space you want to work with. Having multiple browser tabs with different saved spaces should work for most cases.
[2] https://www.elastic.co/guide/en/kibana/master/save-load-delete-query.html
[3] https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html
Unfortunately, that's not possible yet.
Elastic is (supposedly) working on a new Kibana feature (tabbed console panes #10095) that will provide support for better organizing the code in the Dev Tools application. The issue has been opened for a while and not much seems to be happening, so we'll see.
The release date of that feature is not known yet.

CloudWatch to Elastic Cloud: missing data?

I am currently using Elastic Cloud to store my AWS CloudWatch logs. Everything seems to work fine as I'm already able to display charts and to query ElasticSearch correctly. Yet, I got a strange behavior I can't explain.
I am logging some events from my app. Let's say request_start and request_end. They are both available on Kibana. Yet, I'm also logging another event, let's say request_middle. I can see it on CloudWatch.
When checking in the Discover tab of Kibana, I don't see this event. I tried event:"request_middle" query, in vain. And if I display a list of all events under this same tab, I get a full list, except request_middle.
I tried to query Elasticsearch directly, just in case, but got no results either.
Have some of you already encountered such a case? If so, how did you fix it?

How to get details of log from dashboards of Kibana

Hi, I am new to Kibana (ELK stack). I have created an error dashboard in Kibana, but if I need more information about the errors, how can I get that? For example, if I want to know what caused an error, how can I get it?
Any initiatives will be appreciated.
For any information that you want to display in Kibana you need to have a source from which that particular information is available. In this case, if we assume that the logs being parsed by Logstash have the information on the errors, then you can parse/filter the logs via the Logstash pipeline to extract the information and store it in a field.
Now the documents which are saved in ES contain the information; this can be used to perform various aggregations or apply different mathematical functions and then eventually visualize it.

Multitenant setup with Kibana and Elasticsearch

I am going to use Logstash + ES + Kibana for my project. I want to know how to use this framework for multiple tenants. Can anyone explain to me how, after authentication, Kibana queries the Elasticsearch index and loads it in Kibana's dashboard? Can I restrict Kibana to look at a specific Elasticsearch index for a particular user or some ID? Has anybody tried this?
Thanks
You could, but depending on your use case it is probably not a good idea. There are a few gotchas, particularly regarding security and separating the users. First, Kibana is just JavaScript running in the browser. So whatever Kibana is allowed to do, so is your user. You can however have a separate index pattern for each "user", but Elasticsearch does not provide you any way of authenticating a user or authorizing a user's access to a specific index. You would have to use some sort of proxy for this.
I recommend http://www.found.no/foundation/elasticsearch-in-production/ and http://www.found.no/foundation/elasticsearch-security/ for a more in depth explanation.
Create an index for each tenant.
In this way you can use a proxy (like the app that hosts Kibana) to intercept the request and return settings that include the index to use.
The value that specifies the index to use can be the logged-in user, or you can get that value somewhere else.
To separate the data even more, you can use a prefix in each index name, and then when you specify an index you can use a pattern to take all the indices related to only a certain kind of data/entities.
Hope this helps.
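
The proxy check these answers describe, and the one the Grafana question at the top of the page needs, sketched as an added example (not code from any poster, Grafana or Elastic). It assumes every tenant's indices are named `<tenant>-...`, that the proxy already knows the logged-in tenant from its own session, and the names `authorize`, `index_allowed` and `HEADER_KEYS` are hypothetical.

```python
import json
import re
from urllib.parse import unquote, urlsplit

READ_ENDPOINTS = {"_search", "_msearch", "_count"}  # all a dashboard needs
TENANT_ID = re.compile(r"[a-z0-9]+")  # no "-": "acme" must not cover "acme-corp-*"
# Assumed allowlist of _msearch header keys; anything else is refused.
HEADER_KEYS = {"index", "search_type", "ignore_unavailable"}


def index_allowed(tenant, expr):
    """True only if every part of an index expression stays under '<tenant>-'."""
    # The strict character set rejects "_all", bare "*", exclusions ("-x"),
    # date math ("<...>") and cross-cluster names ("remote:index").
    part = re.compile(re.escape(tenant + "-") + r"[a-z0-9_.*-]*")
    return all(part.fullmatch(p) for p in expr.split(","))


def authorize(tenant, method, url, body=""):
    """Decide whether the proxy forwards this request for the logged-in tenant."""
    if not TENANT_ID.fullmatch(tenant) or method not in ("GET", "POST"):
        return False
    # Decode after splitting so an encoded "/" or "," cannot dodge the checks.
    segs = [unquote(s) for s in urlsplit(url).path.split("/") if s]
    if not segs or len(segs) > 2 or segs[-1] not in READ_ENDPOINTS:
        return False
    path_index = segs[0] if len(segs) == 2 else None
    if path_index is not None and not index_allowed(tenant, path_index):
        return False
    if segs[-1] != "_msearch":
        return path_index is not None  # no index in the path means every index
    # _msearch bodies are NDJSON (header, query, header, query, ...); each
    # header may name its own index, overriding the one in the path.
    lines = [ln for ln in body.splitlines() if ln.strip()]
    for raw in lines[0::2]:
        try:
            header = json.loads(raw)
        except ValueError:
            return False
        if not isinstance(header, dict) or not set(header) <= HEADER_KEYS:
            return False
        idx = header.get("index", path_index)
        names = idx if isinstance(idx, list) else [idx]
        if not names or not all(
            isinstance(n, str) and index_allowed(tenant, n) for n in names
        ):
            return False
    return bool(lines)
```

This only constrains which indices a request names in its URL and multi-search headers. Query bodies can still reach other indices through features such as terms lookup, so the proxy is a first layer and not a substitute for index-level permissions enforced by Elasticsearch itself.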
Elasticsearch announced today a plugin they are working on that should provide security features to ES product. Probably, this will contain ways of restricting access based on roles and users setup at cluster and indices level. If this happens I see no way for them not to extend this security layer to Kibana, as well. Also, it seems this plugin will have a commercial version only.
