Kibana 6.3

Kibana 6.3 was released a few weeks ago, together with new versions of Elasticsearch, Logstash and Beats, and despite the fact that this was not a major release, the new capabilities included in this version definitely deserve a close look.

The inclusion of basic X-Pack features and improvements to the search experience are especially worthy of note and will be reviewed here together with some of the other changes included.

Autocomplete

Although there are some obvious visual changes to Kibana in this version, I have to start with what is a game changer for Kibana users — the introduction, still in experimental mode, of a new search experience with autocomplete capabilities.

Kuery, the new functional querying syntax introduced almost a year ago, has been ditched in favor of a more simple search syntax based on the good-old Lucene syntax. The focus has shifted to making searches easier, and you can read up on how to use this syntax here.

The search experience is made even easier, though, with the experimental autocomplete. When beginning a search, Kibana will make suggestions for fields, values and query operators, based on the data you are searching (the Elasticsearch index you are querying):

referrer

As you advance with your search, Kibana continues to offer suggestions for completing the search:

equals

As seen below, Kibana’s autocomplete is suggesting specific values for the field we selected to search:

keyword

X-Pack basic features and licensing changes

Another major change is the integration with X-Pack as part of the new licensing model.

Whereas users were once required to install and configure the X-Pack Kibana plugin — a process that improved over time but was still cumbersome — now users can use X-Pack features out of the box.

Kibana

Only basic X-Pack features are available for use, including the monitoring UI, the search profiler, the grok debugger and APM UI. Additional X-Pack features, such as security, alerting, anomaly detection and graph analytics, require a paid subscription.

This change stems from the decision by Elastic to open source X-Pack. The default Elasticsearch, Logstash, KIbana and Beats distributions now include X-Pack and are licensed under a new Elastic license, where as separate open source packages are available under the Apache 2.0 license.

For existing X-Pack users, one breaking change here — you will need to uninstall the X-Pack plugin before upgrading to 6.3.

Elasticsearch index management

Opening up the Management page in Kibana 6.3, users now have the option to select Index Management to manage Elasticsearch indices via an easy-to-use UI.

The management options available for users include seeing a general overview of the index (e.g. health, status, docs count, size), closing an index, refreshing it, flushing it, deleting it, and more.

metricbeat

Additional UI/UX changes

A few other changes were applied that should help make the lives of Kibana users a bit easier.

When selecting a time frame in Kibana, you can now see a list of the recent time frames used.

Likewise, at the top of the Kibana homepage, you’ll see a list at the recently used searches, visualizations or dashboards for quick reference:

add data

The Visual Builder also seems to have improved, and I highly recommend playing around with some of the built-in Visual Builder visualizations provided with Metricbeat to get a taste.

Controls visualization

This visualization has been in the works for some time now, and is still experimental, but finally looks mature in Kibana 6.3. It allows you to create interactive controls for playing around with the data in your dashboard.

Below, for example, I’m using the Controls visualization in a dashboard monitoring Apache access logs. I’ve added a Controls visualization that allows me to easily toggle or filter the data according to a specific error code:

dashboard

Endnotes

For a full list of the improvements and bug fixes included in this version, check out the release notes. There are also some breaking changes that you should probably be aware of before upgrading, such as the issue mentioned above of needing to remove X-Pack before upgrading.

All in all, there are a lot of promising changes in this version, especially around the search experience. The changes to the underlying licensing are important to note, since from an end-user’s perspective, it offers additional functionality at no cost.

Wanting to provide our users with the most updated and stable version of Kibana, we are currently in the process of upgrading the Logz.io UI to support Kibana 6.3. Stay tuned for news!

Easily add ready-made dashboards and visualizations to Kibana with Logz.io's ELK Apps!