Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.
Kibana is a data virtualization tool which allows you to view the content of your ElasticSearch database. It is especially useful for viewing aggregated log files and metrics of your domain.
Installation
Install Elasticsearch
Kibana uses Elasticsearch as a Backend. Please install ElasticSearch according to our Article. We assume that you have the repository set from that article.
Install Kibana
Kibana utilizes the same repositories as ElasticSearch. Thus it can be installed directly. Furthermore enable Kibana as an autostarting service
univention-install kibana
systemctl enable kibana.service
systemctl start kibana.service
Open the Firewall Ports
To Access Kibana, you need to open the port in the firewall. Set the respective UCR variables to open them
ucr set security/packetfilter/tcp/5601/all=ACCEPT \
security/packetfilter/tcp/5601/en="Kibana"
service univention-firewall restart
Configure Kibana
Most default values for Kibana are sufficient. However, to access it from remote, the server name has to be set. Open the config file /etc/kibana/kibana.yml and find the line starting with
server.host
Uncomment the line and insert the correct fully qualified server name.
Restart
Restart Elasticsearch and Kibana
systemctl restart elasticsearch.service
systemctl restart kibana.service
First Use
You can access Kibana using the name of your server and port 5601:
http://<ip of your server>:5601
Afterward please set the Discovery patterns according to the beats used within the web interface and configure the matching visualization.