Kibana dashboard example
Updated: Oct 25, 2019
In this Kibana dashboard tutorial we will learn how to create Kibana dashboard. Before we start with sample Kibana dashboard example, I hope you have some sample data loaded into ELK Elasticsearch. If not, please refer my previous blog - How to load sample data into ELK Elasticsearch.
As discussed in my previous blog I am using sample Squid access logs (comma separated CSV file). You can find the file format details at this link.
Navigation Menu
For our understanding, we will create two basic Kibana dashboard:
Top 10 requested URL's (type: pie chart): Basically, it will show what are the top 10 URL's which are getting hits.
Number of events occurred per hour (type: bar chart): It will show various types of events which occurred each hour.
Use Case 1: Top 10 Requested URL's (Pie chart)
Open Kibana UI on your machine and go to Visualize tab => Create a visualization:
Select the type of visualization. For our first use case, select pie chart:
Select the index squidal which we created earlier.
Now go to Options and uncheck Donut check box as we need a simple pie chart. Check Show Labels or you can leave it blank if you don't want labels, it's up to you.
Next, go to Data tab where you will find Metrics or you can say Measure in reporting terminology by default it will show as Count.
Click on blue button right behind Split Slices in order to choose Aggregation type. Lets choose Terms aggregation for our use case (in simple words assume Terms like group by SQL). Refer this for more details.
Further, choose the Field => Requested_URL.keyword which will act as dimension for us. Hit blue arrow button next to Options in order to generate the chart. You can also give this chart a custom label as shown below.
Save the chart => Hit Save button on top right corner of your dashboard. You can name the visualization as Top 10 Requested URL.
Now go to Dashboard tab => Create a dashboard => Add => Select Top 10 Requested URL
Hit Save button on top of your dashboard. Give it a meaningful name, for instance Squid Access Log Dashboard.
Use Case 2: Number of events per hour (Bar chart)
Go to Visualize tab again (top left corner of your screen) and click on "+" sign. Choose chart type as vertical bar and select squidal index.
In this case, instead of choosing aggregation type as Terms, we will be using X-Axis bucket with Date Histogram and Interval as Hourly as shown below:
Hit Save button and give it an appropriate name, for instance Events per Hour.
Now go back to Dashboard tab => Squid Access Log Dashboard => Edit => Add and select Events per hour to add it in your dashboard.
Hit Save again. At this point your dashboard should look like this:
You can add as many visualizations you want depending upon your business requirement. Your opinion matters a lot please comment if you have any questions for me. Thank you!
Navigation Menu:
