Embrace your events bear hug your data

Very visible Instant insight

Your events don't want to be hidden away in a text file. They don't want to be compressed and forgotten every night. Your data wants to be seen, it wants to help and be useful. Bring together with Logstash, Elasticsearch and Kibana and let your data shine. Let it be graphs and provide the kind of visibility that will have you identifying issues, and creating solutions, faster than ever before.

But How?! Like this

Your applications produced the data. Logstash shipped it, structured it and stored it in Elasticsearch. Kibana takes the power of Logstash and Elasticsearch and makes it available to your entire team. To the right you'll find a short video and below, a short primer on using Kibana to get the most out of your mountain of data.

Search Find one event or one million.

Do it the easy way Just type and go

Find the word 'preztels' in any field of any event, even if you never used a Logstash filter to define a single field

pretzels

Or Get Fancy Use Lucene to get it just right

Search for every event containing chips AND dip OR salted peanuts. Round brackets let us group terms, double quotes group terms into whole phrases. Important: Operators such as AND and/or OR must be CAPITALIZED

(chips AND dip) OR "salted peanuts"

Find every log with "nachos" in the snack field

snack:"nachos"

We can also search numerical ranges. Such as finding every log with anything in the snack field, and with more than 300 calories.

snack:* AND calories:[300 TO *]

Columnize You found them, now make them look good.

Get it all Until you know what you want

Normally, Kibana will show you Logstash's @message field, since @message contains your unparsed event.

Get to know it

Click on an event to expand a details pane with all of your fields laid out nicely

Get specific Unparsed logs are confusing

But if you wanted unparsed events you'd still be using tail and grep and grinding corn with a rock against another rock. Select some fields from the "Show Fields" section on the left to columnize your data and view and compare only the fields you really need.

Graph and interact Steep mountains, shallow valleys

See it

Kibana charts occurances of your search over time. It can also charge the average of Elasticsearch fields stored as numbers

Poke it

Click and drag the graph to select time segments and narrow down your search. Hover over bars for exact counts.

Score, trend and calculate Numbers matter too

Lets do the math

Kibana can count things up for you. See the top values for any field. Identify popular webpages or common errors.

Kibana's statistical mode will chart average values and provide you with the minimum, maximum, mean and further useful analysis of numerical fields.

Change is good Except when it isn't

Just knowing total is useful, but sometimes we need to know how things are changing. The trend button can identify the biggest changes in values by scoring counts at the beginning and end of your selected time frame and ranking by that change.

And more Order now! Oh wait, its free.

RSS Feeds

Turn any search into a live RSS feed with the click of a button. Records link back to individual events that you can use build new queries

Streaming Dashboards

Watch events stream past in near-real-time. Create dashboards of anything, with the same customizable columns as you enjoy everywhere else.

And its pretty quick too

Logstash breaks your elasticsearch data into daily indices. Kibana searches only the indices matched by your timeframe to try to give you results as fast as possible.