One of the great features in Kibana (part of the ELK Stack) is the ability to share data with team members. You can publicly share specific visualizations or even entire dashboards with anyone that needs to see the same information that you’re viewing in Kibana.
Logz.io has taken it up a notch by applying some extra enhancements to this feature and making it enterprise-grade with the ability to use access user tokens that allow you to share Kibana visualizations and dashboards safely and securely with the outside world. The latest addition to this feature allows you to filter the information you wish to share by associating log field filters to specific user tokens.
Using tokens and filters is one method that you can use to enable role-based access to the ELK Stack in your organization by which different team members have access to different information. Logz.io also has a user-management system in place that allows you to manage your organization. More about that in a future post.
This article will show you how to use tokens and filters to spread the Kibana goodness with an added layer of security.
Using user tokens
When sharing Kibana data, there is no established mechanism to make sure that data is safe. Logz.io provides a solid, advanced method of securing this information with access tokens. Using tokens — as opposed to using the regular share URL function in Kibana — will enable you to share visualizations and dashboards with people who are not even Logz.io users.
The access tokens are managed within the Logz.io interface in the Settings section:
Here, you can add and remove new user tokens as you see fit and as the need arises.
When sharing a visualization or dashboard within Kibana, these tokens can then be easily selected and applied to the request URL that you are sharing.
Needless to say, the person with whom you are sharing the data does not have to be a Logz.io user — he will be able to see exactly the same information, even if he has never heard of Logz.io before.
Sharing filtered Kibana information
What if you do not want to share all of the data? There are a number of reasons you might want to filter the data such as wanting to maintain strict security or not wanting to drown teammates in unnecessary log noise. Logz.io enables you to narrow the access granted by a token to a specific field type and value.
For example, say that you have a dashboard setup in Kibana showing various statistics on all the logs coming into your system but would like to only share data relating to Apache logs. To filter the data, first define a new filter type in the Token Filters section on the User Tokens settings page.
When creating a new filter, you are required to enter the following information:
- Description – A short description of the filter for display purposes
- Field – The exact field name you want to filter the data by (e.g. type)
- Value – The exact value for the field you entered above you want to filter the data by (e.g. apache_access)
Save the filter once done.
Then, click Attach Filter for the token with which you wish to associate the filter, and select the filter.
Don’t forget to click Save to apply the changes.
Back in Kibana, open the visualization or dashboard you wish to share, click the Share icon and select the token you want to use in the request URL. There is no need to define the filter since it is automatically associated with the token.
All that’s left to do is share the URL.
If you think your visualization will be useful to other users, you can contribute it to the Logz.io ELK Apps — a free library of pre-made Kibana searches, alerts, visualizations and dashboards that is tailored for specific log types and use cases. (More information on ELK Apps is here.)