Kibana

Overview

Similar to Splunk, it allows user to visualize and analyze data. Kibana is powered by elasticsearch. Think of Kibana as the frontend and elasticsearch is the backend.

Key Words

• Elasticsearch - is a distributed, scalable, and highly available search engine. It is used to store and index data so that it can be quickly searched and analysed.

• Index Pattern - similar to Splunk, index is used to search in log
• Use KQP - Kabina Query Language see: KQL offical doc

Description

Typically different data will yield to different fields. The first thing we might want to look into is the Fileds pane on the left. This gives us an idea of what’s the data look like. We can also add it to the filter by a right click!