I am having an issue in kibana. It does not show any results in the Discover tab.
Please look here for more information.
Do we have any Kibana alternatives that the community has used? I searched on the internet and I could find only Head elasticSearch plugin. If nothing works, then I will work on consuming the ElasticSearch JSON feed using .Net and asp.net charts.
The only thing I know of would be Grafana. But that won't support ES until version 2.5. So currently you're going to have to make due with Kibana or manual labor.
EDIT
Grafana 2.5 has been released and features a ElasticSearch query editor.
I assume you are talking about Kibana 4 or 5. When this happens to me it usually means that the time filter is set to a period when there is no data for or documents do not have time stamps or the mapping of time stamp field is not set to 'date'. So the solution is to use Kibana 3 as your discovery panel. Here is a link to a fork that supports aggregations and Elasticsearch 2.x and 5.x.
https://github.com/immunochomik/kibana3
In Kibana 3 you can remove time filter completely so the time histogram will try to show you all the data in the index, also if there are no time stamps you can still look at data in terms panels and documents panels.
Another interesting alternative is redash, you can build dashboards combining many sources of data including Elasticsearch. Drawback is that you need to know how to write a query.
Open source options: Grafana, Redash
If you are open to commercial solutions, Knowi might be an option for more advanced needs (multi-index/multi-database joins, AI etc). See their ElasticSearch playground.
Related
When comes to centralized log tools, I see lot of comparison of ELK vs EFK vs Loki vs other.
But I have hard time to actually see information about "ELG", ELK (or EFK) but with Grafana instead of Kibana.
I know Grafana can use Elasticsearch as datasource, so it should be technically working. But how good is it? Any drawback compare to using Kibana? Maybe there are more existing dashboard for Kibana than Grafana when it comes to log?
I am asking this as I would like to have one UI system for both my metrics dashboard and my logs dashboard.
Kibana is part of the stack, so it is deeply integrated with elasticsearch, you have a lot of pre-built dashboards and apps inside Kibana like SIEM and Observability. If you use filebeat, metricbeat or any other beat to collect data it will have a lot of dashboards for a lot of systems, services and devices, so it is pretty easy to visualize your data without having to do a lot of work, basically you just need to follow the documentation.
But if you have some data that doesn't fit with one of pre-built dashboards, or want more flexibility and creat your own dashboards, Kibana needs more work than Grafana, and Kibana also only works with elasticsearch, so if you have other datasources you would need to put the data in elasticsearch. Also, if you want to have map visualizations, Kibana Map app is pretty good.
The Grafana plugin for Elasticsearch has some small bugs, but in overall it works fine, things probably will change for better since Elastic and Grafana made a partnership to improve the plugin.
So, if all your data is in elasticsearch, use Kibana, if you have different datasources, use grafana.
What is the best way to get information about creation and closing of issues in Jira into Elasticsearch? I want to visualize the average resolution time for our issues in Kibana.
Any advice is welcome!
You might want to take a look at this github project which claims to do what you are looking for , I havent tested this yet , but this is the closest to your request.
https://github.com/DaGrisa/agile-metrics/
Look at this page,
https://ilaesolution.atlassian.net/wiki/spaces/ELA/pages/31883454/Elastic+Log+For+Jira
there is a Jira Plugin called as Elastic Log. You can configure this in Your Jira Instance and information will be pushed to Elasticsearch. Later you can create visualizations and dashboards in Kibana.
I would add a Metric in use Grafana, in a ruby project.
What are the parameters?, What gem can I use?
Are there a manual?
You should first look into Datasources for Grafana. http://docs.grafana.org/features/datasources/ Datasources are the Programs Grafana can interact with to generate a Graph so you need to install one of them on some device. Grafana itself does not store any data, it "just" creates queries to a Datasource and renders the data.
There are a lot of possible Datasources for Grafana as you can see. Commonly used are Graphite (my favourite) and InfluxDB (easy setup) but a standard SQL could also be the way to go for you. When researching the possible Datasources you can also search for Ruby Gems. I found one for InfluxDB, maintained by Influxdata itself https://github.com/influxdata/influxdb-ruby
I'm trying to add a role based access control over Kibana to have different privileges and dashboards for different types of users and I found those projects:
Elastic Shield Plugin
Search Guard Kibana Multitenancy Module
Elasticsearch Read Only Rest Plugin
Kibana plugin Own Home
What I found is that:
Elastic Shield (now called X-Pack) is the best, but unfortunately it's only 30 days free trial.
search guard module is a little complicated and it does the job, but it's not for free for commercial use which isn't suitable for my case.
ReadonlyREST plugin allows you to define which user reads which data, and their Enterprise Kibana plugin (non-free) also allows you to assign kibana indices to groups or users.
Kibana Plugin Own Home is a workaround solution as it defines different kibana index for different user which isn't practical.
If you know any other projects or any workaround for the mentioned projects above that satisfies my requirements, I'd be so grateful.
Disclaimer: I work for floragunn, makers of Search Guard.
The only real way to separate dashboards and visualizations based on users/tenants is to place them in separate Kibana indices. This is what both Search Guard and Own Home does.
The reason for this is how Kibana works internally: Out of the box, Kibana will place all of these objects in one global Kibana index, shared by all users. Since Kibana itself has no notion of users, roles or tenants, the only way to do it is to intercept the calls to the Kibana index, and rewrite the index name based on the provided user/role information.
Search Guard does this directly on Elasticsearch level, so the tenant
dashboards are separated even if you access Elasticsearch directly.
Own Home does that on Kibana level, but the effect/outcome is
basically the same.
X-Pack does not have multi-tenancy for Kibana, so
there's no separation of dashboards, only access control on Elasticsearch. Same is true for ReadOnly Rest.
One other option you have is to use the Red Hat OpenShift platform. They have an Elasticsearch plugin that is integrated with the Community Edition of Search Guard, and their own Kibana multi-tenancy module. As far as I know, this plugin is completely free.
This use case is now completely supported by ReadonlyREST via the Enterprise Kibana plugin.
And it comes with a lot more multitenancy/multiuser related features:
Remove certain Kibana apps to certain users
RBAC for indices, tenancies
Read only users won't see "save", "delete", "add" buttons in the Kibana UI
I made a video months ago that shows how this looks like.
Disclaimer: I work at ReadonlyREST, happy to take questions! :-)
Open Distro for Elasticsearch is a very good opensource project for multitenancy configuration in kibana. But the problem is proper documentation is not available easily for the older versions.
Set up Multi-Tenant Kibana Access in Open Distro for Elasticsearch
Kibana multi-tenancy
I have started working on ELK recently and have a doubt regarding handling of multiple types of logs.
I have two sets of logs on my server that I want to analyse, one from my android application and the other from my website. I have successfully transferred logs from this server via filebeat to the ELK server.
I have created two filters for either types of logs and have successfully imported these logs into logstash and then Kibana.
This link helped do the above stuff.
https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-centos-7
The above link directs to use the logs in the filebeat index in Kibana and start analysing(I successfully did for one type of logs). But the problem that I am facing is that since both these logs are very different, they need to be analysed differently. How do I do this in Kibana. Should I create multiple filebeat indexes there and import them, or should it be just one single index, or some other way. I am not very clear on this(could not find much documentation), hence would request to please help and guide me here.
Elasticsearch organizes by index and type. Elastic used to compare these to SQL concepts, but now offers a new explanation.
Since you say that the logs are very different, Elastic is saying that you should use different indexes.
In Kibana, the visualization is tied to an index. If you had one panel from each index, you can show them both on the same dashboard.