Kibana Interview Questions and Answers

Kibana is an open source (Apache Licensed) data visualization and exploration platform from Elastic that is specialized for large volumes of streaming and real-time data.  It is easily performed advanced data analysis and visualize data in a variety of charts, tables, and maps. Kibana makes it easy to understand large volumes of data. It’s simple, browser-based interface enables you to quickly create and share dynamic dashboards that display changes to Elasticsearch queries in real time.

• Dashboard-Only Mode
• View Surrounding Documents
• Export to CSV
• User Management
• Proximity Events
• Cognitive Insights
• Automatic email notifications on Elastic Stack monitoring alerts
• Watcher UI for Threshold Based Alerts
• Kuery, a new query language that takes the Kibana search bar experience up a notch

The ELK stack consists of Elasticsearch, Logstash, and Kibana. Although they’ve all been built to work exceptionally well together, each one is a separate project that is driven by the open-source vendor Elastic which itself began as an enterprise search platform vendor. It has now become a full-service analytics software company, mainly because of the success of the ELK stack. Wide adoption of Elasticsearch for analytics has been the main driver of its popularity.

ELK stack setup has three main components:

Elasticsearch: It is used to store all of the application and monitoring logs (Provisioned by Qbox).

Logstash: The server component that processes incoming logs and feeds to ES.

Kibana: A web interface for searching and visualizing logs (Provisioned by Qbox).

It is a powerful tool combination for log management and data analysis, built on a combination of three open source tools: Elasticsearch, Logstash, and Kibana. These combined provide an all in one system for data storage, retrieval, and sorting and data analysis. ELK is becoming the most common open source, log management platform used globally. Here’s why you should be using ELK:

• It is solid design allows for effortless data analysis
• It is extendable sources and aggregations allow many possibilities
• It is data visualization and exploration out of the box for free

It is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package.

It is divided in to four sections.

Discover: This section, you can interactively explore your data from the Discover page.

Visualize: this section, page is where you can create, modify, and view your own custom visualizations.

Dashboard: This section, page is where you can create, modify, and view your own custom dashboards.

Settings: This Section, page lets you change a variety of things like default values or index patterns.

Search Bar:  It is directly under the main navigation menu. Use this to search specific fields and/or entire messages

Time Filter:  It is use this to filter logs based on various relative and absolute time ranges. Top-right (clock icon).

Field Selector: Select fields to modify which ones are displayed in the Log View. Left, under the search bar.

Date Histogram: By default, this shows the count of all logs, versus time (x-axis), matched by the search and time filter. You can click on bars, or click-and-drag, to narrow the time filter. Bar graph under the search bar.

Log View: Use this to look at individual log messages, and display log data filtered by fields. If no fields are selected, entire log messages are displayed. Bottom-right.

The Kibana Dashboard page is where you can create, modify, and view your own custom dashboards. With a dashboard, you can combine multiple visualizations onto a single page, then filter them by providing a search query or by selecting filters by clicking elements in the visualization. Dashboards are useful for when you want to get an overview of your logs and make correlations among various visualizations and logs.

• To create a Kibana dashboard, first, click the Dashboard menu item. Here is a breakdown of the steps that are being performed:
• Clicked Add Visualization icon
• Added “Log Counts” pie chart and “Nginx: Top 10 client IP” histogram
• Collapsed the Add Visualization menu
• Rearranged and resized the visualizations on the dashboard
• Clicked Save Dashboard icon
• Choose a name for your dashboard before saving it.

The Kibana server reads properties from the kibana.yml file on startup. To change the host or port number, or connect to Elasticsearch running on a different machine, you’ll need to update your kibana.yml file. You can also enable SSL and set a variety of other options.

The default settings configure Kibana to run on localhost: 5601. To change the host or port number, or connect to Elasticsearch running on a different machine, you’ll need to update your kibana.yml file. You can also enable SSL and set a variety of other options.

The images are available in two different configurations or “flavors”. The x-pack flavor, which is the default, ships with X-Pack features pre-installed. The oss flavor does not include X-Pack, and contains only open source Kibana.

Filebeat is a log data shipper for local files. Installed as an agent on your servers, Filebeat monitors the log directories or specific log files, tails the files, and forwards them either to Elasticsearch or Logstash for indexing.

Elastic Stack is a group of open source products from Elastic designed to help users take data from any type of source and in any format and search, analyze, and visualize that data in any time. The product group was formerly known as ELK Stack, in which the letters in the name stood for the products in the group: Elasticsearch, Logstash and Kibana. A fourth product, Beats, was subsequently added to the stack, rendering the potential acronym unpronounceable. Elastic Stack can be deployed on premises or made available as Software as a Service (SaaS).

• It is free and easy to setup
• Mapping Support
• Interactive Charts
• Supports Plugins
• Pre-built Aggregations and Filters
• Easy Distribution of Dashboards and more…