kibana-4.1.1

Following our previous post on upgrading to Kibana 4.0, we recently upgraded again to Kibana 4.1 and wanted to share with the community about all of the cool features in the new version that we have found to be very useful.

Field Types

With the new Kibana 4.1 as part of the ELK Stack, users can set the field type and the presentation format. Kibana will honor this type in all presentation options. The field types available for a String is either a plain String or a URL. If URL is selected, then Kibana will display a clickable URL whose format can be set.

For Number, you can set the following types: URL, Bytes, Number (default), Percentage and String. If you select Number of Bytes, you can also define how the value will be formatted — a feature that is very useful when dealing with either large numbers or high-precision, decimal point numbers:

decimal point numbers

How do define the field types

Click on the Settings tab and select the Indices subtab:

settings tab indicies subtab

Click on the edit button to the right of the field name that you would like to change:

edit to change field name

For a complete list of formatting options, see this information on GitHub.

How we at logz.io are using field types

We make sure to define the proper types for all numeric fields – this assures a proper presentation as shown here:

decimal point numbers

We also format Strings that are URLs as active links to those pages. If you read our post on using log analysis for technical SEO, for example, you will see that we have changed all of the URLs in that example to active links.

Sticky Filters

Have you ever wanted to take the filters you apply to your Kibana dashboard and also apply them to the Discovery section? Kibana 4.1 now makes it possible with sticky filters. When you define a filter, you can now “pin it,” which means that it goes with you wherever you go in the software interface. This is very convenient when you are trying to troubleshoot an issue that you see in a dashboard, and you want to drill down to see all relevant events in the Discovery tab.

How do I do that?

To pin a filter to any view, hover over the filter and then click on the “pin it” icon. See this example:

sticky filter

Pinned filters are marked with a small pin icon to the left:

sticky filter two

We are still waiting for the folks at Kibana to add the ability to edit the filter like it was possible in Kibana 3, but the ability to pin filters is a great improvement.

Saved Dashboard-Specific Timeframes

If you are using different dashboards for different purposes, you can now save the specific timeframes that you have used within each dashboard configuration. Our DevOps engineers at Logz.io, for example, have many dashboards — some of them are used for business intelligence and look back six months while others are for IT operations and look back at the last fifteen minutes. Until now, this required us to set the desired timeframe every time we switched dashboards. Those days are over.

How do we do that?

When you save a dashboard, you can now select whether you want to save the timeframe in the dashboard:

save timeframe in dashboard

New charts (bubble chart and heat map)

This feature is a little tricky to find because it’s not actually a set of new charts but rather additions to existing charts.

Bubble charts (as a part of the line charts)

To generate a bubble chart, you first need to create a line chart where you have your X and Y axis represent that values that you want to show.

Then, you need to go into the options, uncheck the option “Show Connecting Lines,” and make sure that “Show Circles” is checked.

bubble charts

Then, go back to the Data tab, add a secondary aggregation on the Y axis, select “Dot Size” as the aggregation, and define the relevant aggregation you want to have on the Z axis, which is being presented on the actual bubble chart.

secondary aggregation y axis

This is not the easiest thing to do, but the results are very impressive. Obviously, you can select different aggregations on the X-axis to generate a more colorful graph.

colorful bubble charts kibana

Heat map (as part of the Tile Map)

Tile maps can now present data in heat maps. The new heat maps do not have stellar usability, which makes it a lot more complicated to understand.

To see data in heat map form, click on the Options tab and select “Heatmap” in the Map type dropdown:

heat map

The options can be a little confusing, so I will explain what they are and what they mean:

— Radius – This is the size of each one of the dots on the map. If you have a lot of data, you should choose a higher radius to see any overlap.

— Blur – The level of each dot’s blurriness. The more blurry the dots are, the more overlap is needed to create a meaningful difference in color.

— Maximum zoom – The zoom of the map at which all dots are displayed at maximum intensity.

— Minimum opacity – The minimum opacity (level of transparency) of each dot.

Again, I would state that this is a great feature that offers a poor user experience — at least in this first version — and my recommendation is to play with these parameters until the heat map is presented in the best way for your environment.

heatmap kibana

Object Import and Export

When you develop your visualizations in staging and want to move them to production, the best way to do so is to use the Import and Export capabilities in Kibana 4.1. The export is done with a json format, and you can import the object back into any instance of Kibana 4.1.

We at Logz.io are not really using this feature because we have built an internal method for migrating objects, but I can see how this would be a very useful capability to have in a large environment where you’d want to test features in staging before deploying them to your production environment.

How do I do that?

If you go to the Settings tab under the objects, you can select either to export all or to select a few objects and export them. This function is fairly easy to use, and you immediately see the json object that you have exported:

edit saved objects

Kibana 4.1 is a great improvement over Kibana 4.0, and by the look of it, Kibana 4.2 will surely have some major improvements that we can’t wait to get our hands on. So, all in all, this update is great work by the Kibana team!

kibana banner

Logz.io is a predictive, cloud-based log management platform that is built on top of the open-source ELK Stack and can be used for log analysis, application monitoring, business intelligence, and more. Start your free trial today!

Asaf Yigal is co-founder and VP Product at Logz.io. Prior to Logz.io, Asaf co-founded Currensee, a social-trading platform, which was later acquired by OANDA in 2013. Prior to Currensee, Asaf played executive roles at Akorri in developing an end-to-end performance monitoring platform and at Onaro in developing a storage resource management platform. Both Akorri and Onaro were acquired by NetApp. Prior to Onaro, Asaf headed a research team in the Israeli Navy, taking an artificial intelligence system to military deployment. Asaf holds a B.S. from the Technion and is an Instrument-rated private pilot.