Tyler Voll

Writer - System Admin

You’ve heard of the LAMP Stack, the LEMP Stack, and you might have even heard of the MEAN stack, but have you heard of the ELK Stack? As an aspiring Linux System Administrator, I’ve had experience deploying servers on the former stacks, but the latter I haven’t really taken the time to play with. That is, until today. Like all stacks, ELK consists of a collection of technologies that rest on top of each other, complementing each other in order to accomplish a desired end goal. The ELK Stack’s goal is to make internalizing logs and data a much easier experience for your server(s). The technologies represented in the stack consists of [E]lasticsearch, [L]ogstash, and [K]ibana.

The best way to think of these technologies is a Search Tool, a Log Router, and a Log Visualizer; all working together to help take control of your data and analytics. These tools can be crucial as they can help decide business decisions along with the future development of services. Having a strong understanding of your current data trends enables you to be more prepared and aware of how your system(s) are being utilized.

The rest of the article will focus on using the ELK Stack after it has been installed, by getting and sorting data from Kibana. While all parts of the stack are important and are needed, Kibana is the front-end visualizing tool that is used for getting a greater understanding of the data you have put into it. If you are wanting to test it out yourself before giving it a go, check out the free demo available by elastic.co! For instructions on installing the ELK Stack (for Ubuntu Server or CentOS), I found these guides to be good resources.

The Kibana Dashboard

Once you have the ELK Stack properly installed, you can begin utilizing it's features. The first thing that you will see when opening up your web page for Kibana will be a dashboard, displaying visuals and tidbits of information about the data that you currently have going through the ELK stack. This dashboard can be customized so that it specifically shows data relevant to you.

Kibana's Dashboard

Discovering Data Trends within Kibana

When it comes to discovering data trends within Kibana, the Discover tab within the Kibana web page can be used to search through your data, using specific fields to search for information represented in your data.

Kibana Discover

If you are wanting to sort your data by a specific field relevant, you can select it on the left side of the discover tab in order to add it to your search, effectively filtering your results.

Kibana Filtering by Fields

For this example, I will be filtering by the apache2.access.geoip.country_iso_code field. This way Kibana will only show Country Codes from the logs.

Kibana Filtered

I like these results, but what if I was wanting to change the time frame of my search into something much smaller? While it's currently set for the Last 24 Hours, the search can be geared to many different ranges.

Once I have the time range set for the Last Hour, the search will automatically configure itself to only show information represented within that newly selected time frame.

Kibana Last Hour

 So now, you might be thinking, big whoop, I can search through my data that i've imported into Kibana and filter it out. What else is there?

Well, remember earlier when selecting a field to filter our search by? It had a visualize option on it that kind of looked like this:

Kibana Visualize Example

If we select the visualize option on that field, we are able to customize our own visualization of the information represented by that field.

What is a visualization? Well, it can be a bar graph, a pie chart, you name it.

Kibana Graph

Want to customize your visualization a little bit? Look above where your settings are and you'll be able to modify the appearance of your visualization.

Kibana Graph Customization

Inside of these settings, you can easily alter the appearance of your data. When you have selected the options that you believe fit, press the play button on the top right to see your changes take effect.

Kibana Changed Graph

Impressed with the data you've collected or the visualization that you've created? It doesn't have to end there. You can save your searches and your visualizations by selecting the save button above.

That way, there is no need to recreate your visualizations when wanting to display it. There is also a share button beside the save, which can be used to share a snapshot of your webpage with others.

Kibana Save

Not sure what type of visualizations to create? Select the Visualize tab on the left of Kibana and you will see a lot of pre-generated visualizations waiting for you regarding many different fields represented in your data. 

Pretty handy! You can practically visualize the possibilities.

Kibana Visualize

Each of those visualizations represented are displayed in their own type of way. As can be seen under the Type section of your results.

While these are pre-generated for this instance, it doesn't mean that they can't be changed. You can select any of those results and modify the view of how the data appears into anything you desire.

While these are a few of the basics of utilizing Kibana within the ELK stack, there is plenty more to the software. Stay tuned and I might have the opportunity to share more as I utilize this nifty technology!

Once again, if you are interested in trying out Kibana without going through the work of installing it on your own server, elastic.co hosts a efficient demo that anyone can pick up and play around with.

Interested in creating your own server on the fly? Check out digital ocean and save some money with my promotional code and help support this website. You can deploy just about everything on Digital Ocean, and they have a wonderful interface that makes server work very enjoyable.

tags:
Back to Top