Setting up a Small Kibana Dashboard for Elasticsearch

This is part 3 in a series of guides I have written about running a personal Elasticstack. You can check out the other parts in the series here:

  1. Building Your Environment in AWS
  2. Setting up and Installing Elasticsearch
  3. Setting up Kibana
  4. Using a Proxy for Kibana with HAProxy
  5. Enabling Security and Using Password Authentication
  6. Making Kibana Internet Accessible with Cloudfront
  7. Securing Cloudfront with Security Groups
  8. Inserting Data into Elasticsearch with Logstash

Step 1: Setup Instance and OS

I am going to be using a t3a.nano with Centos 7 to save costs. They have a 10GB root drive. Kibana stores most of its data in the Elasticsearch instance, so you aren’t going to need much disk space for it.

First start by ensuring your OS is up to date. Run an update if you haven’t already.

sudo yum update

I will be using Vim throughout these guides, so install it if you fancy.

sudo yum install vim

Additionally you might want to add some swap space to the server, as we are going to be running on a nano, which has very little resources. But just enough for a single user Kibana.

See here about adding swap space to your server.

Step 2: Install Kibana from the Repository

You can check out the official documentation on installing Kibana here.

Start by importing the repo key.

sudo rpm --import

And creating a repo file.

sudo vim /etc/yum.repos.d/kibana.repo

Add the below to the file, and save it. (May change in later versions)

name=Kibana repository for 7.x packages

Now simply install via the repo. This may take a while, especially on the small instance type I am using.

sudo yum install kibana

When this is finally finished, its time to edit the config.

Step 3: Edit Kibana Config

Start by opening up the Kibana config file, kibana.yml. It is in /etc/kibana if you installed it via the repo.

sudo vim /etc/kibana/kibana.yml

I use the below config, most of it can be left default for now. You can check out the official documentation regarding any of the other settings.

# kibana.yml
server.port: 5601 "" "Dashboards-Kibana-1"
elasticsearch.hosts: [""]
  1. The port for the UI. (This is default, I like to be specific)
  2. The IP address of the server Kibana is installed on
  3. The name you would like to call this instance of Kibana
  4. The Elasticsearch node you would like to query. (I have used my first node)

Step 4: Start Your New Kibana Up

If you would like it to start up every time you boot, run the below commands:

sudo systemctl daemon-reload

sudo systemctl enable kibana.service

You can now start and stop kibana with:

sudo systemctl start kibana.service

sudo systemctl stop kibana.service

Startup may take a while the first time, as it has to create a series of indices in your Elasticsearch.

You can check the progress of startup in the system journal with:

sudo journalctl -xef --unit kibana

If you would like to check if its running locally, you can request the home page with:

wget <your_ip>:5601

You should recieve an index.html file that, when opened, will contain Kibana stuff.

Step 5: Navigate to Your Dashboard

Now all that is left is to navigate to your new Kibana dashboard in a browser on port 5601. You may have to set up a Security Group to allow your local IP access if you are using AWS.

Now you are ready for the next step, where we set up a proxy for Kibana. I prefer to use a proxy to help with security and make it so that the Kibana instance is not exposed to the internet in any way. We also don’t set up any firewalls on the nodes to cut costs, so we are going to need a way to firewall our cluster. So take a look at Part 4: Using a Proxy for Kibana with HAProxy.

Any thoughts, concerns, mistakes? Let me know in the comments or via the Contact page.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s