For updated tutorials and best practices, check out our additional Kibana resources.
Following our previous post on upgrading to Kibana 4.0, we recently upgraded again to Kibana 4.1 and wanted to share with the community about all of the cool features in the new version that we have found to be very useful.
With the new Kibana 4.1 as part of the ELK Stack, users can set the field type and the presentation format. Kibana will honor this type in all presentation options. The field types available for a String is either a plain String or a URL. If URL is selected, then Kibana will display a clickable URL whose format can be set.
For Number, you can set the following types: URL, Bytes, Number (default), Percentage and String. If you select Number of Bytes, you can also define how the value will be formatted — a feature that is very useful when dealing with either large numbers or high-precision, decimal point numbers:
How do define the field types
Click on the Settings tab and select the Indices subtab:
Click on the edit button to the right of the field name that you would like to change:
For a complete list of formatting options, see this information on GitHub.
How we at logz.io are using field types
We make sure to define the proper types for all numeric fields – this assures a proper presentation as shown here:
We also format Strings that are URLs as active links to those pages. If you read our post on using log analysis for technical SEO, for example, you will see that we have changed all of the URLs in that example to active links.
Have you ever wanted to take the filters you apply to your Kibana dashboard and also apply them to the Discovery section? Kibana 4.1 now makes it possible with sticky filters. When you define a filter, you can now “pin it,” which means that it goes with you wherever you go in the software interface. This is very convenient when you are trying to troubleshoot an issue that you see in a dashboard, and you want to drill down to see all relevant events in the Discovery tab.
How do I do that?
To pin a filter to any view, hover over the filter and then click on the “pin it” icon. See this example:
Pinned filters are marked with a small pin icon to the left:
We are still waiting for the folks at Kibana to add the ability to edit the filter like it was possible in Kibana 3, but the ability to pin filters is a great improvement.
Saved Dashboard-Specific Timeframes
If you are using different dashboards for different purposes, you can now save the specific timeframes that you have used within each dashboard configuration. Our DevOps engineers at Logz.io, for example, have many dashboards — some of them are used for business intelligence and look back six months while others are for IT operations and look back at the last fifteen minutes. Until now, this required us to set the desired timeframe every time we switched dashboards. Those days are over.
How do we do that?
When you save a dashboard, you can now select whether you want to save the timeframe in the dashboard:
New charts (bubble chart and heat map)
This feature is a little tricky to find because it’s not actually a set of new charts but rather additions to existing charts.
Bubble charts (as a part of the line charts)
To generate a bubble chart, you first need to create a line chart where you have your X and Y axis represent that values that you want to show.
Then, you need to go into the options, uncheck the option “Show Connecting Lines,” and make sure that “Show Circles” is checked.
Then, go back to the Data tab, add a secondary aggregation on the Y axis, select “Dot Size” as the aggregation, and define the relevant aggregation you want to have on the Z axis, which is being presented on the actual bubble chart.
This is not the easiest thing to do, but the results are very impressive. Obviously, you can select different aggregations on the X-axis to generate a more colorful graph.
Heat map (as part of the TileMap)
Tile maps can now present data on heat maps. The new heat maps do not have stellar usability, which makes it a lot more complicated to understand.
To see data in heat map form, click on the Options tab and select “Heatmap” in the Map type drop-down:
The options can be a little confusing, so I will explain what they are and what they mean:
— Radius – This is the size of each one of the dots on the map. If you have a lot of data, you should choose a higher radius to see any overlap.
— Blur – The level of each dot’s blurriness. The more blurry the dots are, the more overlap is needed to create a meaningful difference in color.
— Maximum zoom – The zoom of the map at which all dots are displayed at maximum intensity.
— Minimum opacity – The minimum opacity (level of transparency) of each dot.
Again, I would state that this is a great feature that offers a poor user experience — at least in this first version — and my recommendation is to play with these parameters until the heat map is presented in the best way for your environment.
Object Import and Export
When you develop your visualizations in staging and want to move them to production, the best way to do so is to use the Import and Export capabilities in Kibana 4.1. The export is done with a json format, and you can import the object back into an any instance of Kibana 4.1.
We at Logz.io are not really using this feature because we have built an internal method for migrating objects, but I can see how this would be a very useful capability to have in a large environment where you’d want to test features in staging before deploying them to your production environment.
How do I do that?
If you go to the Settings tab under the objects, you can select either to export all or to select a few objects and export them. This function is fairly easy to use, and you immediately see the json object that you have exported:
Kibana 4.1 is a great improvement over Kibana 4.0, and by the look of it, Kibana 4.2 will surely have some major improvements that we can’t wait to get our hands on. So, all in all, this update is a great work by the Kibana team!