Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.
Kibana is a data virtualization tool which allows you to view the content of your ElasticSearch database. It is especially useful for viewing aggregated log files and metrics of your domain.
Kibana uses Elasticsearch as a Backend. Please install ElasticSearch according to our Article. We assume that you have the repository set from that article.
Kibana utilizes the same repositories as ElasticSearch. Thus it can be installed directly. Furthermore enable Kibana as an autostarting service
univention-install kibana systemctl enable kibana.service systemctl start kibana.service
To Access Kibana, you need to open the port in the firewall. Set the respective UCR variables to open them
ucr set security/packetfilter/tcp/5601/all=ACCEPT \ security/packetfilter/tcp/5601/en="Kibana" service univention-firewall restart
Most default values for Kibana are sufficient. However, to access it from remote, the server name has to be set. Open the config file /etc/kibana/kibana.yml and find the line starting with
Uncomment the line and insert the correct fully qualified server name.
Restart Elasticsearch and Kibana
systemctl restart elasticsearch.service systemctl restart kibana.service
You can access Kibana using the name of your server and port 5601:
http://<ip of your server>:5601
Afterward please set the Discovery patterns according to the beats used within the web interface and configure the matching visualization.