Overview
Users with System Administrator privileges have full access to Logging.
Menu | SystemAdmin | Admin | Editor | Viewer |
---|---|---|---|---|
Discover | Full access | Full access | Full access | Can view logs; cannot save viewed logs (Save button disabled) |
Dashboard | Full access | Full access | Full access | No access |
Visualize | Full access | Full access | Full access | No access |
Query Workbench | Has full access but not intended for use | No access | No access | |
Alerting | No access | No access | ||
Anomaly Detection | No access | No access | ||
Notebooks | No access | No access | ||
Dev Tools | Full access | Full access for indexes within the project | No access | No access |
Index Management | Full access | Full access for indexes within the project | No access | No access |
Stack Management | Full access | Full access for indexes within the project | View, edit, and delete permissions; no permission to create index patterns | View-only access; no permissions to edit or delete |
Security | Visible and full access | Not visible | Not visible | Not visible |
The biggest difference from the other roles is that the System Administrator has access to the "Security" menu in Kibana.
In this menu, you can configure or modify permissions and management of log data across multiple clusters, including Roles, users, Permissions, and Tenants.
How to Access Kibana
Select the Logging menu from the console.
How to Switch Tenants
Clicking the icon at the top right of Kibana displays account information and related menus.
Selecting the "Switch tenants" menu allows you to change tenants.
There are three main types of tenants:
Global - (1)
A public tenant accessible to all users.
Private - (2)
A tenant accessible only to the logged-in user.
Choose from custom - (3)
You can select custom tenants that you have access to.
Main Kibana Menus
Discover - (1)
This screen allows you to browse logs.
Reference Document: https://www.elastic.co/guide/en/kibana/7.9/discover.html
Search Bar - (1-1)
Enter keywords to filter logs within the search period.
Example searches: error, request_method: POST
Time Range Selection - (1-2)
Selecting the calendar allows quick selection of search periods, such as the last 15 minutes, 30 minutes, 1 hour, 1 day, 1 week, or 1 month.
The default is from 15 minutes ago to the present (Last 15 minutes).
In "Refresh every" at the bottom, you can specify the interval at which the logs for the search period are automatically searched again, and then start or stop the automatic refresh.
If you select the set period on the right, you can set the search period from "From" to "To" using one of three options: Absolute, Relative, and Now.
Absolute: Used when selecting an absolute time.
Relative: Used when selecting a relative time.
Now: Used when selecting the current time.

Refresh Button - (1-3)
Refreshes logs based on set filters and time ranges.
Filter Button - (1-4)
Allows filtering logs using field values.
Selecting the Field Combo box allows you to select field values in the retrieved log.
Apply filtering by selecting the method to apply in the Operator and entering the required values.
Select and display index-pattern parts - (1-5)
This is where you select, or see, the index-pattern of the logs you want to search.
Initially, the index-pattern set as Default is displayed; after you choose a different one in the combo box, the index-pattern you selected is displayed.
Selected field values in the summary information section of the log - (1-6)
In the Available fields section below, hover over the field you want to add to the summary information, and the “Add” button appears on the right.
Once added, the field is displayed in the summary information and listed in the Selected fields section.
To remove it again, hover over the field you want to delete, and the “Remove” button appears on the right.
Dashboard - (2)
You can attach visualizations to panels to check multiple pieces of information at a glance.
Reference Document: https://www.elastic.co/guide/en/kibana/7.9/dashboard.html
Below is a Dashboard Sample.
Visualize - (3)
Logs can be visualized in various forms.
Reference Document: https://www.elastic.co/guide/en/kibana/7.9/visualize.html
Lens : You can quickly build many different types of basic visualizations by simply dragging and dropping the data fields you want to display.
Most frequently used visualizations
Line, area, and bar charts — Compare multiple series on an X/Y chart.
Pie chart — Displays the contribution of each source to the total.
Data table — Merges aggregates into a table format.
Metric — Displays a single number.
Goal and gauge — Displays numbers with progress indicators.
Tag cloud — Displays words in a cloud where the size of the word corresponds to its importance.
TSVB : Visualize time series data using pipeline aggregations.
Timelion : Compute and combine data from multiple time series data sets.
Maps : Display geospatial data in Kibana.
Heat map : Displays shaded cells within a matrix.
Markdown widget — Displays free-form information or instructions.
Controls — Add interactive input to your dashboard.
Vega : Complete control over queries and displays.
Below is a Visualize Sample.
Dev Tools - (4)
This is the screen where you can call REST APIs and view the results.
Reference Document: https://www.elastic.co/guide/en/kibana/7.9/devtools-kibana.html
Index Management - (5)
This is the screen for menus that manage the index.
Index Policies - (1)
This screen allows you to create/edit/delete policies that manage indexes.
Managed Indices - (2)
This is a screen where you can edit/delete/retry the indexes to which the policy is applied.
Indices - (3)
The saved indexes are displayed. You can apply the created Index Policy to the index.
Stack Management - (6)
This is the screen for managing Kibana settings, etc.
Index Patterns - (1)
Index-Pattern is the target index that specifies the criteria for searching in Kibana. In this screen, you can create an Index-Pattern or search for created Index-Patterns.
How to create an Index-Pattern
First, click the “Create index pattern” button on the top right.
Second, enter a pattern that matches the indexes you want to group. (Example: security-auditlog-*)
Third, set the time that will be used as the reference when displaying the logs to be searched, and click the “Create index pattern” button to create it.
Saved Objects - (2)
This screen shows the saved objects used in Kibana.
Advanced Settings - (3)
This screen shows various settings of Kibana and you can also edit each setting.
Security - (7)
You can configure permissions and management for log data across multiple clusters, including authentication, access control, Roles, users, Permissions, and Tenants.
Roles - (1)
This is the screen where you can create/edit/delete Roles.
A Role holds Cluster and Index permissions in the specified Tenant and is mapped to the Internal users and External identities that the permissions apply to.
When you create a Project in the Cloud Z CP console, the following Roles are created.
{Realm name}_{Project name}_Admin
{Realm name}_{Project name}_Editor
{Realm name}_{Project name}_Viewer
If you have Kibana Tool Permission in the Role of the Cloud Z CP console, the Role will be mapped to an External identity.
Internal users - (2)
This is a screen where you can create/edit/delete users managed within Kibana.
Tenants - (3)
This is the screen where you can create/edit/delete tenants for Kibana.
A tenant is a space to store index-patterns, visualizations, dashboards, and other Kibana objects.
By default, all Kibana users can access two tenants: Private and Global. The Global Tenant is shared among all Kibana users. The Private Tenant is exclusive to each user and cannot be shared.
Tenants are useful for securely sharing work with other Kibana users. You can control which roles have access to a tenant and whether they have Read or Write access.
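A least-privilege check for the role-to-tenant mapping described above, as an added example that is not part of the original guide or the product's own code. It assumes role documents shaped like those of the Open Distro Security plugin (`tenant_permissions`, `index_permissions`, the `kibana_all_read` / `kibana_all_write` action groups); the role names, tenant names and index patterns are constructed.

```python
import re

# Constructed sample roles, shaped like Open Distro Security role documents
# (assumption: this Kibana's Security menu is backed by that plugin).
SAMPLE_ROLES = {
    "demo_shop_Admin": {
        "index_permissions": [{"index_patterns": ["shop-*"], "allowed_actions": ["indices_all"]}],
        "tenant_permissions": [{"tenant_patterns": ["shop"], "allowed_actions": ["kibana_all_write"]}],
    },
    "demo_shop_Viewer": {
        "index_permissions": [{"index_patterns": ["shop-*"], "allowed_actions": ["read"]}],
        "tenant_permissions": [{"tenant_patterns": ["shop"], "allowed_actions": ["kibana_all_read"]}],
    },
    "demo_pay_Viewer": {  # deliberately over-privileged
        "index_permissions": [{"index_patterns": ["*"], "allowed_actions": ["read"]}],
        "tenant_permissions": [{"tenant_patterns": ["*"], "allowed_actions": ["kibana_all_write"]}],
    },
}

# Console-generated project roles end in _Admin, _Editor or _Viewer.
PROJECT_ROLE = re.compile(r"_(Admin|Editor|Viewer)$")


def audit_roles(roles):
    """Return (role, finding) pairs for project roles that exceed their level."""
    findings = []
    for name, role in sorted(roles.items()):
        match = PROJECT_ROLE.search(name)
        if not match:
            continue  # built-in or hand-made role, out of scope here
        level = match.group(1)
        for grant in role.get("tenant_permissions", []):
            if "*" in grant.get("tenant_patterns", []):
                findings.append((name, "wildcard-tenant"))  # reaches every tenant
            if level == "Viewer" and "kibana_all_write" in grant.get("allowed_actions", []):
                findings.append((name, "viewer-tenant-write"))  # Viewer must stay read-only
        for grant in role.get("index_permissions", []):
            if "*" in grant.get("index_patterns", []):
                findings.append((name, "wildcard-index"))  # not limited to project indexes
    return findings


if __name__ == "__main__":
    for role_name, finding in audit_roles(SAMPLE_ROLES):
        print(f"{role_name}: {finding}")
```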