- Mastering Kibana 6.x
- Anurag Srivastava
- 568 words
- 2021-07-16 18:20:12
Configuring Kibana to read the Elasticsearch index
Now that the Elasticsearch index has been created and the Apache logs are being pushed to it, our next task is to configure Kibana to read the Elasticsearch index data. We need to open Kibana at its default address and port: http://localhost:5601.
This will load the default page of Kibana. Now, we need to click on Management from the left menu, which will open the following screen:

In the previous screenshot, we have three options: Index Patterns, Saved Objects, and Advanced Settings. For setting up a new index, we need to click on Index Patterns, which will open the following screen:

In the Create index pattern screen, there are two steps. In step one, we need to provide the index pattern in the given textbox:

This textbox accepts a wildcard, so we can type just the initial characters of the Elasticsearch index name. Kibana automatically picks up the matching names, lists them in a dropdown, and shows the message "Success Your index pattern matches 1 index", which gives the count of indexes that match the given wildcard characters. Now, from the dropdown, we can select the index and click on the Next step button, which will open the following screen:

In the second step of creating an index pattern, we need to configure the settings by providing the time filter field name. This dropdown automatically picks up all date fields from the Elasticsearch index. We need to select the field to use for time filters. Now, we have to click on the Create index pattern button, which will open the following screen:

This is the final screen for the Elasticsearch index setup in Kibana. At the top, we can see the index name, and below that, the index fields with type and additional details, such as whether they are searchable, aggregatable, and excluded, with an edit icon to modify parts of these details.
We also have the option to delete the index from Kibana using the delete icon in the top-right section of the screen. We can also click on the refresh icon to refresh the index, which is needed if any changes have been made to the index in Elasticsearch. Apart from delete and refresh, there is a star icon, which can be used to make the index the default index. Whenever we open Kibana, the default index is loaded automatically.
In the index field display, we have the option to filter the fields on the basis of field type. By default, it is set to all field types, which we can change, as there are different options, such as date, string, number, and _source.
Apart from the Fields tab, we have two more tabs: Scripted fields and Source filters. Scripted fields are computed from the data on the fly, and we can set them by clicking on the Add scripted field button. The Source filters tab is used to filter fields out of the search, as sometimes we may want to exclude certain fields, and at that time, we can use this option. I will cover these options in detail in later chapters.
So, we have covered how to set up Logstash to read Apache logs and output them in the Elasticsearch index. Then, we set up Kibana to read the index and display its data type with additional details.
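The two steps of the Create index pattern screen can also be scripted, which makes the setup repeatable. The following is an added example, not code from the book: it assumes the Kibana instance exposes its saved objects HTTP API under /api/saved_objects, and the pattern `apache-*`, the time field `@timestamp` and the sample index names are constructed values.

```python
import json
import re
import urllib.request

KIBANA_URL = "http://localhost:5601"  # default address used on this page


def matching_indices(pattern, index_names):
    """Step one: return the index names that a wildcard pattern matches.

    Only '*' is treated as a wildcard; a comma separates alternative patterns.
    """
    regexes = [
        re.compile(".*".join(re.escape(part) for part in alt.strip().split("*")))
        for alt in pattern.split(",") if alt.strip()
    ]
    return [name for name in index_names
            if any(rx.fullmatch(name) for rx in regexes)]


def build_create_request(title, time_field, base_url=KIBANA_URL):
    """Step two: build the HTTP call that stores the index pattern in Kibana."""
    body = {"attributes": {"title": title, "timeFieldName": time_field}}
    return urllib.request.Request(
        url=f"{base_url}/api/saved_objects/index-pattern",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "kbn-xsrf": "true",  # Kibana rejects API writes without this header
        },
    )


def create_index_pattern(title, time_field, index_names):
    """Refuse a pattern that matches no index, then send the request."""
    matched = matching_indices(title, index_names)
    if not matched:
        raise ValueError(f"pattern {title!r} matches no index")
    request = build_create_request(title, time_field)
    with urllib.request.urlopen(request, timeout=10) as response:
        return matched, json.load(response)


if __name__ == "__main__":
    # Constructed index names; in practice, list them from Elasticsearch first.
    sample = ["apache-logs-2018.07.01", ".kibana", "metrics-2018.07.01"]
    print(matching_indices("apache-*", sample))
    print(create_index_pattern("apache-*", "@timestamp", sample))
```

The `matching_indices` check mirrors the match count shown in step one, so a typo in the pattern is caught before anything is written to Kibana.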