A quick start guide to visualize your Elasticsearch data
Key Features
Book Description
The Elastic Stack is growing rapidly and, day by day, additional tools are being added to make it more effective. This book endeavors to explain all the important aspects of Kibana, which is essential for utilizing its full potential.
This book covers the core concepts of Kibana, with chapters set out in a coherent manner so that readers can advance their learning in a step-by-step manner. The focus is on a practical approach, thereby enabling the reader to apply those examples in real time for a better understanding of the concepts and to provide them with the correct skills in relation to the tool. With its succinct explanations, it is quite easy for a reader to use this book as a reference guide for learning basic to advanced implementations of Kibana. The practical examples, such as the creation of Kibana dashboards from CSV data, application RDBMS data, system metrics data, log file data, APM agents, and search results, can provide readers with a number of different drop-off points from where they can fetch any type of data into Kibana for the purpose of analysis or dashboarding.
What you will learn
Who this book is for
Kibana 7 Quick Start Guide is for developers new to Kibana who want to learn the fundamentals of using the tool for visualization, as well as existing Elastic developers.
Page count: 164
Year of publication: 2019
Copyright © 2019 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Amey Varangaonkar
Acquisition Editor: Aditi Gour
Content Development Editor: Mohammed Yusuf Imaratwale
Technical Editor: Ralph Rosario
Copy Editor: Safis Editing
Project Coordinator: Kinjal Bari
Proofreader: Safis Editing
Indexer: Mariammal Chettiyar
Graphics: Alishon Mendonsa
Production Coordinator: Aparna Bhagat
First published: January 2019
Production reference: 1310119
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78980-403-4
www.packtpub.com
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Anurag Srivastava is a senior technical lead and has more than 12 years of experience. He is proficient in designing architecture for scalable and highly available applications. He has handled development teams and several clients from all around the globe in the last 10 years of his professional career. He is experienced with using the Elastic stack (Elasticsearch, Logstash, and Kibana) to create dashboards using system metrics data, log data, application data, and relational databases.
Giacomo Veneri (1973) was born in Siena, Italy. He is an expert on data processing and Industrial Internet of Things. Working actively as a digital manager, he is the author of several books, including Maven Build Customization and Hands-on Industrial Internet of Things. He graduated from the University of Siena in Computer Science in 1999, and received his PhD in 2014 in neuroscience and neural computation.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Title Page
Copyright and Credits
Kibana 7 Quick Start Guide
Dedication
About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Reviews
Introducing Kibana
Elastic Stack
Elasticsearch
Logstash
Kibana
Beats
Filebeat
Metricbeat
Packetbeat
Auditbeat
Winlogbeat
Heartbeat
Use cases of Elastic Stack
System Performance Monitoring
Log Management
Application Performance Monitoring
Security, Monitoring, and Alerting with Elastic Stack
Security
Monitoring
Alerting
Data Visualization
Installing Elastic Stack
Elasticsearch
Installation using the tar file
Installation using Homebrew
Installation using MSI Windows installer
Installation using the Debian package
Installation with the RPM package
Logstash
Using APT Package Repositories
Using YUM Package Repositories
Kibana
Installing Kibana with .tar.gz
Installing Kibana using the Debian package
Installing Kibana using RPM
Using zypper on OpenSUSE-based distributions
Installing Kibana on Windows
Beats
Packetbeat
Metricbeat
Filebeat
Summary
Getting Data into Kibana
Difference between Beats and Logstash
Configuring Beats to get data
Filebeat
Packetbeat
Metricbeat
Configuring Logstash to get data
Configuring Logstash to read CSV data
Configuring Logstash to read RDBMS data
Configuring index patterns in Kibana
Summary
Exploring Data
Discover your data
Limit Your Field Display
Expanded View of the Data
Dissect Your Data
The time Filter
The Quick Time Range Filter
The Relative Time Range Filter
The Absolute Time Range Filter
The Recent Time Range Filter
Search bar to search your data
Filter Your Data
Save Your Filtered Data
Save Your Search
Manage Saved Searches
Summary
Visualizing Data
Data visualization
Data aggregation
Visualization types
Area chart
Heat map
Pie chart
Data table
Metric
Tag cloud
Inspecting visualizations
Sharing a visualization
Dashboard
Summary
X-Pack with Machine Learning
Introduction to X-Pack
Installation
Security
Role management
User management
Monitoring
Alerting
Reporting
Machine learning
Single-metric job
Multimetric job
Summary
Monitoring Applications with APM
APM components
APM agents
APM Server
Install APM Server
APT
YUM
Install APM Server on Windows
Run APM Server
Configure dashboard using APM Server
APM Server monitoring
Elasticsearch
Kibana
Configure Django application with APM
Summary
Kibana Advanced Tools
Timelion
.es() function
.static() function
.bars() function
.points() function
.color() function
.derivative() function
.label() function
.range() function
.holt() function
Use cases of Timelion
Dev Tools
Console
Search Profiler
Grok Debugger
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
Kibana is an open source data exploration and visualization platform. It is part of Elastic Stack, where we have Elasticsearch, Logstash, and Beats, along with Kibana. Using Kibana, we can explore data visually and can analyze it in real time. Kibana enables us to implement APM for application performance monitoring and Timelion enables us to play with time-series data. Then we have Dev Tools, by means of which we can run Elasticsearch queries direct from the Kibana interface. We have ML, by means of which we can predict future trends or ascertain anomalies in the data. Kibana provides us with Reporting, through which we can export CSV or PDF reports, Monitoring, to get insights into the complete Elastic Stack, and Watcher, to alert you in the event of any issue with the data.
Kibana, along with other Elastic Stack components, provides us with full-stack monitoring capability. Using Beats, we can get system metrics, log data, packet data, and so on. Logstash enables us to retrieve data from any other possible sources, including DBMS, CSV, or any other third-party tool, and then, using APM, we can fetch application data to monitor application performance. In this way, using Kibana, we can have an end-to-end monitoring system where a single dashboard can show all key performance indicators.
This book is there to help you understand the core concepts and the practical implementations, by means of which you can start using Kibana for a variety of use cases. It covers how to ingest data from different sources, using Beats or Logstash, into Elasticsearch, and then how to explore, analyze, and visualize it in Kibana. It covers how to play with time-series data to create complex graphs using Timelion and show them on your dashboard along with other visualizations, and then how to embed your dashboard or visualization on a web page. You will also learn about APM to monitor your application by installing and configuring the APM server and APM agents. We have also covered different X-Pack features, such as user and role management under security, alerting, monitoring, and ML. This book will also explain how to create ML jobs to find anomalies in your data.
This book is for anybody who wants to explore data. We used to obtain data from different sources, which can be scattered. Using Kibana, we can arrange, analyze, and visualize it, and can then retrieve the relevant information from that diffuse data. For this book, no prior knowledge is required, and anyone can start working on Kibana using the simple introduction and practical implementations in the book. In this book, the focus is on a practical approach, where aspects are explained using practical examples, images, and a stepwise approach, where you need to sequentially follow a number of steps in order to achieve something. In this way, it is quite easy to understand the topics and you can easily implement the given steps.
Chapter 1, Introducing Kibana, introduces Elastic Stack, where we explain the different components of Elastic Stack, including Elasticsearch, Logstash, Kibana, and different Beats. The introduction is followed by an explanation of the different use cases of Elastic Stack, including System Performance Monitoring, where we monitor system performance, Log Management, where we collect different logs and monitor them from a central location, Application Performance Monitoring, where we monitor our application by connecting it to a central APM server, Application Data Analysis, where we analyze the application data, Security Monitoring and Alerting, where we can secure our stack using X-Pack and monitor it regularly, while also being able to configure alerts to keep an eye on any change that may impact system performance, and finally Data Visualization, where we use Kibana to create different types of visualizations using available data.
Chapter 2, Getting Data into Kibana, covers different ways to get data into Elasticsearch. We examine how Beats can be installed on a server to send data, since they are lightweight data shippers. Under Beats, we cover Filebeat, which reads file data, including Apache logs, system logs, and application logs, and can then send these logs to Elasticsearch directly or through Logstash. We configure Metricbeat to read system metrics, such as CPU usage, memory usage, and MySQL metrics, and Packetbeat, by means of which we can read network packet data to glean insights from it. After that, we cover how Logstash can be used to get the data and apply filters before sending it to Elasticsearch.
In the first section, we cover how to fetch CSV data using Logstash, where we pass a CSV file as input and specify the columns to send the data to Elasticsearch. After that, we explain how to configure the JDBC plugin to fetch MySQL data by running the SQL statement and applying the tracking column, by means of which the incremental data can be fetched in Logstash. After reading the MySQL data, it is pushed to Elasticsearch for analysis. Using Beats and Logstash, we can push data into Elasticsearch but, in order to analyze and visualize the data, we need this data in Kibana and, for that, we have to create index patterns in Kibana. Once the index pattern is created, we can see the data under the Discover option in Kibana, where we can apply a filter, run queries, and select fields to display.
Chapter 3, Exploring Data, describes Kibana Discover, and how we can explore data using Discover. In the beginning, we cover how to discover your data by means of different options provided in Kibana Discover, including how to limit the number of fields to display in order to focus on the dataset, which is more relevant than the other not so relevant fields. Then, we discover how to expand a document display to check all available fields, along with the option to view surrounding documents and single documents. From this screen, we can also apply the filter to any field. Then, we cover different ways to dissect our data, including filtering the data by applying the time-based filter, filtering the data based on different document fields, and applying queries to your dataset. We then explore how to save the searched data so that this search data, along with filter options, can be available to us whenever we want to use them again. After saving the search data, we can also export it from Kibana and save it into a file that can later be imported back into Kibana.
Chapter 4, Visualizing Data, explains how to visualize the data once it is available in Kibana after creating the index pattern. We begin with basic charts, where we cover a number of chart creations, including the area chart, heat map, and pie chart. We also explain how we can transform one type of chart into another by taking the examples of the area chart, line chart, and bar chart, in the same way that we can change a pie chart into a donut, or vice versa. After that, we delve into data tables, by means of which we can generate tabular visualizations of data in which we can add additional metrics columns, along with actual data columns. We then cover metric-type visualizations, where we can display some metric values, and tag clouds, which can be used to display word clouds with a link to filter out the data accordingly.
Chapter 5, X-Pack with Machine Learning, explains how X-Pack adds additional features to the existing Elastic Stack setup. We begin with an introduction to X-Pack, followed by the X-Pack installation process. We then delve into the different features of X-Pack, such as security, by means of which we can secure our Elastic Stack. As regards security, we cover user and role management by creating users and roles, and then assigning roles to the users. Following on from security, we cover monitoring, from the perspective of both an overview and a detailed view, where we can see the search and indexing rate. We then cover alerting, where we configure a watch to send alert notifications by email. Following on from alerting, we cover reporting, by means of which we can generate CSV or PDF reports and download them. Finally, we cover ML, by means of which we create single- and multi-metric jobs and analyze the data by finding the anomaly and predicting future trends.
Chapter 6, Monitoring Applications with APM, covers Elastic APM and explains how we can monitor an application. We begin with APM components, which are APM Agents, APM Servers, Elasticsearch, and Kibana. After that, we delve into each of them in detail. APM Agents are open source libraries that can be configured in any of the supported languages/libraries. Currently, we have support for the Django and Flask frameworks for Python, as well as Java, Go, Node.js, Rails, Rack, and RUM - JS. We can configure them to send application metrics and errors to the APM Server. We then cover the APM Server, which is again open source software written in Go. The principal task of the APM Server is to receive data from different APM Agents and send it to the Elasticsearch cluster. Elasticsearch takes the APM data, which can be viewed, searched, or analyzed in Elasticsearch. Once data is pushed into Elasticsearch, we can display it in Kibana using a dedicated APM UI or through the Kibana Dashboard.
Chapter 7, Kibana Advanced Tools, describes Timelion and Dev Tools, which are quite useful tools in Kibana. We begin with an introduction to Timelion, and then different functions that are available in Timelion, such as the .es() function to set the Elasticsearch data source, and its different parameters, such as index, metric, split, offset, fit, and time field. We then cover other functions, such as .static(), to create static lines on the x-axis, the .points() function to convert the graph into a point display, the .color() function to change the color of the plot, the .derivative() function to plot the difference in value over time, the .label() function to set the label for data series, the .range() function to limit the graph display between a particular min and max range, and finally the .holt() function to forecast the future trend or to ascertain the anomaly in the data. For a complete reference of functions, we can refer to the help section in Timelion. We then cover the use cases of Timelion.
After Timelion, we describe Dev Tools, by means of which we can do multiple things. After the introduction to Dev Tools, we cover different Dev Tools options, including Console, by means of which we can execute Elasticsearch queries and can get the response on the same page. We then examine the Search Profiler, through which we can profile any Elasticsearch query by getting the details of the query components. Finally, we look at Grok Debugger, where we can create the Grok Pattern to parse sample data, thereby enabling the unstructured sample data to be converted into structured data. This structured data can then be used for data analysis or visualization and suchlike.
To get the most out of this book, no prior knowledge is required. Anyone who wants to analyze their data can use this book to learn how to do so.
You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
1. Log in or register at www.packt.com.
2. Select the SUPPORT tab.
3. Click on Code Downloads & Errata.
4. Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
WinRAR/7-Zip for Windows
Zipeg/iZip/UnRarX for Mac
7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at
