☩ Walking in Light with Christ – Faith, Computing, Diary

I saw Kibana in my professional career and I find it a very interesting tool for sysadmins, so I thought it might be helpful to someone out there to write a small article on how to install and use to to visualize data inside some elasticsearch software.

Kibana is an open-source data visualization and exploration tool used to analyze large volumes of data, especially logs. It is part of the ELK Stack (Elasticsearch, Logstash, Kibana), and is commonly used for centralized log management, security monitoring, and observability.

Kibana is often used in the so-called ELK pipeline for log file collection, analysis and visualization:

• Elasticsearch is for searching, analyzing, and storing your data
• Logstash (and Beats) is for collecting and transforming data, from any source, in any format
• Kibana is a portal for visualizing the data and to navigate within the elastic stack
   

In this article, you'll learn how to:

• Install Kibana
• Connect it to Elasticsearch
• Visualize log data
• Use its basic features

Prerequisites

Before installing Kibana, make sure you have the following:

• A Linux server running (Ubuntu / Debian / CentOS / RHEL)
• Elasticsearch installed and running
• Root or sudo access

Install Kibana

I. On Debian/Ubuntu
 

1. Import the Elastic GPG key:
   

# wget -qO – https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add –

2. Add the repository:
   

# echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list

3. Update and install:
   

# apt update

# apt install kibana

II. On RHEL/CentOS Linux

1. Create repo file:
   

# tee /etc/yum.repos.d/elastic.repo <<EOF

[elastic-8.x]

name=Elastic repository for 8.x packages

baseurl=https://artifacts.elastic.co/packages/8.x/yum

gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md

EOF

2. Install Kibana:
   

# yum install kibana

2. Configure Kibana

The configuration file is located at:

/etc/kibana/kibana.yml

Edit the file:

# vim /etc/kibana/kibana.yml

Update or add the following:
 

# Server settings
server.port: 5601
server.host: "0.0.0.0"

# Elasticsearch connection
elasticsearch.hosts: [“http://localhost:9200”]

# Logging
logging.level: info

# Security (only if Elasticsearch security is enabled)
# elasticsearch.username: "kibana_system"
# elasticsearch.password: "your_password_here"

Optional: Set basic auth or SSL settings if needed.

3. Start and Enable Kibana

# systemctl enable kibana

# systemctl start kibana

Check status:

# systemctl status kibana
…

4. Access Kibana Web Interface

Open your browser and go to:

http://<your-server-ip>:5601

You’ll be welcomed with the Kibana dashboard.

5. Import and Visualize Logs

Option A: Use Filebeat to Send Logs

Install Filebeat on the server with logs and configure it to send data to Elasticsearch. Kibana will then be able to visualize it.

# apt install filebeat

# filebeat modules enable system

# filebeat setup

# systemctl start filebeat

Option B: Ingest Logs via Logstash or Elasticsearch API

If you already have data in Elasticsearch, Kibana will automatically detect indices.
 

6. Create Index Pattern

1. In Kibana, go to Stack Management -> Index Patterns
2. Click Create Index Pattern
3. Enter the name (e.g., filebeat-*)
4. Select the timestamp field (usually @timestamp)
5. Save

Now Kibana knows how to query and visualize your data.

7. Create Visualizations and Dashboards

1. Go to Visualize -> Create visualization
2. Choose a type (bar, pie, line, etc.)
3. Select an index pattern
4. Configure metrics and buckets

You can then save visualizations and add them to dashboards.

8. Secure Kibana

• Configure TLS/SSL for Kibana / ElasticSearch (such as Logstash)
• Use additional Elastic Security features like RBAC (Role Based Access Control, SSO (Single Sign On)
• Secure Kibana with a reverse proxy (e.g., Nginx + Basic Auth or Apache / Haproxy infront)

Example Nginx config simple snippet:

location / {

  proxy_pass http://localhost:5601;

  auth_basic "Restricted";

  auth_basic_user_file /etc/nginx/.htpasswd;

}

What is Kibana used for and what it can do for you?

Use Case	Description
Log Monitoring	Visualize system and application logs in real time
Security Analytics	Detect anomalies, failed logins, suspicious activity
DevOps Dashboards	Track uptime, error rates, and system performance
SIEM	Use Elastic Security for threat detection

 

Once Kibana is installed on a server, you typically use it to visualize and explore data stored in Elasticsearch. Here’s a practical guide with sample usage scenarios:

Access Kibana

After installation, Kibana usually runs on port 5601 by default.

http://<your-server-ip>:5601

• Open this URL in a browser.
• You should see the Kibana dashboard.

Connect to Elasticsearch

Kibana automatically connects to your Elasticsearch instance if installed locally.
You can verify the connection:

GET /_cluster/health

• Go to Dev Tools → Console in Kibana.
• Run the above query to check cluster status.

Visualize Data

Kibana allows multiple types of visualizations:

• Bar/line chart: trends over time.
• Pie chart: distribution of values.
• Data table: top IP addresses or most visited URLs.
• Maps: geolocation of IP addresses.

Create Dashboards

• Combine multiple visualizations in a Dashboard.
• Useful for monitoring logs, metrics, or application performance.
• Example: Create a dashboard with:

   

  • Requests per URL (bar chart)
  • Requests over time (line chart)
  • Top client IPs (data table)
  • Errors by type (pie chart)

 Search & Query Logs

• Use Discover to search logs interactively.
• Example KQL query:

status:500 AND url:"/login"

This finds all failed login requests.

Set Alerts (Optional)

• Kibana’s Alerts and Actions can trigger notifications (email, Slack, etc.) when certain thresholds are crossed.
• Example: alert if error responses exceed 100 in 5 minutes.

Once Kibana is installed on a server, you typically use it to visualize and explore data stored in Elasticsearch. Here’s a practical guide with sample usage scenarios:

Access Kibana

After installation, Kibana usually runs on port 5601 by default.

http://<your-server-ip>:5601

• Open this URL in a browser.
• You should see the Kibana dashboard.

Connect to Elasticsearch

Kibana automatically connects to your Elasticsearch instance if installed locally.
You can verify the connection:

GET /_cluster/health

• Go to Dev Tools → Console in Kibana.
• Run the above query to check cluster status.

Visualize Data

Kibana allows multiple types of visualizations:

• Bar/line chart: trends over time.
• Pie chart: distribution of values.
• Data table: top IP addresses or most visited URLs.
• Maps: geolocation of IP addresses.

Create Dashboards

• Combine multiple visualizations in a Dashboard.
• Useful for monitoring logs, metrics, or application performance.
• Example: Create a dashboard with:
   
  • Requests per URL (bar chart)
  • Requests over time (line chart)
  • Top client IPs (data table)
  • Errors by type (pie chart)

 Search & Query Logs

• Use Discover to search logs interactively.
• Example KQL query:

status:500 AND url:"/login"

This finds all failed login requests.

Set Alerts (Optional)

• Kibana’s Alerts and Actions can trigger notifications (email, Slack, etc.) when certain thresholds are crossed.
• Example: alert if error responses exceed 100 in 5 minutes.

Once Kibana is installed on a server, you typically use it to visualize and explore data stored in Elasticsearch. Here’s a practical guide with sample usage scenarios:

Access Kibana

After installation, Kibana usually runs on port 5601 by default.

http://your-server-ip:5601

• Open this URL in a browser.
• You should see the Kibana dashboard.

Connect to Elasticsearch

Kibana automatically connects to your Elasticsearch instance if installed locally.
You can verify the connection:

GET /_cluster/health

• Go to Dev Tools → Console in Kibana.
• Run the above query to check cluster status.

Visualize Data

Kibana allows multiple types of visualizations:

• Bar/line chart: trends over time.
• Pie chart: distribution of values.
• Data table: top IP addresses or most visited URLs.
• Maps: geolocation of IP addresses.

Create Dashboards

• Combine multiple visualizations in a Dashboard.
• Useful for monitoring logs, metrics, or application performance.
• Example: Create a dashboard with:
  • Requests per URL (bar chart)
  • Requests over time (line chart)
  • Top client IPs (data table)
  • Errors by type (pie chart)

 Search & Query Logs

• Use Discover to search logs interactively.
• Example KQL query:

status:500 AND url:"/login"

This finds all failed login requests.

Set Alerts (Optional)

• Kibana’s Alerts and Actions can trigger notifications (email, Slack, etc.) when certain thresholds are crossed.
• Example: alert if error responses exceed 100 in 5 minutes.

Sample Kibana dashboard
 

Kibana with connected servers to find out Geo Location
 

Summary closing words (what we did)

Step	Action
1	Install Kibana from Elastic repo
2	Configure to connect to Elasticsearch
3	Start and enable the service
4	Access it via http://<ip>:5601
5	Ingest log data
6	Define index pattern
7	Create dashboards and visualizations

The idea of this article was just to introduce you to the existence of Elasticsearch / kibana and filebeat and logstack and not to give you a fully fine tuned install guide. The usual way to deploy Kibana on multiple servers of course is using a dockerized container version of it. There is plenty to learned on how to use kibana to do a monitoring of your machines. But most simple use is to directly access the locally visible kibana on a server and check the status of processes on the host instead of logging via SSH. Kibana can do pretty much

Some further useful Reading Resources

• Kibana Docs: https://www.elastic.co/guide/en/kibana/index.html
• Filebeat Docs: https://www.elastic.co/guide/en/beats/filebeat/index.html
• Logstash Docs: https://www.elastic.co/guide/en/logstash/index.html