Access monitoring data in Kibana

ECE ECK Elastic Cloud Hosted Self Managed

After you collect monitoring data for one or more products in the Elastic Stack, you can configure Kibana to retrieve that information and display it on the Stack Monitoring page.

At a minimum, you must have monitoring data for the Elasticsearch production cluster. Once that data exists, Kibana can display monitoring data for other products in the cluster.

In Elastic Cloud Enterprise and Elastic Cloud Hosted, this configuration is performed automatically. Skip to View monitoring data in Kibana.

Tip

If you use a separate monitoring cluster to store the monitoring data, it is strongly recommended that you use a separate Kibana instance to view it. If you log in to Kibana using SAML, Kerberos, PKI, OpenID Connect, or token authentication providers, a dedicated Kibana instance is required. The security tokens that are used in these contexts are cluster-specific, therefore you cannot use a single Kibana instance to connect to both production and monitoring clusters. For more information about the recommended configuration, see Monitoring overview.

ECK Self Managed

  1. Identify where to retrieve monitoring data from.

    If the monitoring data is stored on a dedicated monitoring cluster, it is accessible even when the cluster you’re monitoring is not. If you have at least a gold license, you can send data from multiple clusters to the same monitoring cluster and view them all through the same instance of Kibana.

    By default, data is retrieved from the cluster specified in the elasticsearch.hosts value in the kibana.yml file. If you want to retrieve it from a different cluster, set monitoring.ui.elasticsearch.hosts.

    To learn more about typical monitoring architectures, see How monitoring works and Monitoring in a production environment.

  2. Verify that monitoring.ui.enabled is set to true, which is the default value, in the kibana.yml file. For more information, see Monitoring settings.

  3. If the Elastic security features are enabled on the monitoring cluster, you must provide a user ID and password so Kibana can retrieve the data.

    1. Create a user that has the monitoring_user built-in role on the monitoring cluster.

      Note

      Make sure the monitoring_user role has read privileges on metrics-* indices. If it doesn’t, create a new role with read and read_cross_cluster index privileges on metrics-*, then assign the new role (along with monitoring_user) to your user.

    2. Add the monitoring.ui.elasticsearch.username and monitoring.ui.elasticsearch.password settings in the kibana.yml file. If these settings are omitted, Kibana uses the elasticsearch.username and elasticsearch.password setting values. For more information, see Configuring security in Kibana.

  4. (Optional) If you're using a self-managed cluster, configure Kibana to encrypt communications between the Kibana server and the monitoring cluster. See Encrypt TLS communications in Kibana.

  5. If the Elastic security features are enabled on the Kibana server, only users that have the authority to access Kibana indices and to read the monitoring indices can use the monitoring dashboards.

    Create users that have the monitoring_user and kibana_admin built-in roles. If you created a new role with read privileges on metrics-* indices, also assign that role to the users.

    Note

    These users must exist on the monitoring cluster. If you are accessing a remote monitoring cluster, you must use credentials that are valid on both the Kibana server and the monitoring cluster.
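
An added example, not part of the Elastic documentation: a small Python check over kibana.yml for the settings named in steps 1 to 4 above. The sample file, hostnames, finding codes and function names are constructed for illustration, and the parser assumes the flat dotted-key style only.

```python
import re

# Constructed sample kibana.yml using flat dotted keys (hostnames are placeholders).
SAMPLE_KIBANA_YML = """\
elasticsearch.hosts: ["https://prod-es.example.internal:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "constructed-placeholder"
monitoring.ui.elasticsearch.hosts: ["http://mon-es.example.internal:9200"]
# monitoring.ui.elasticsearch.username / password deliberately left unset
"""

def parse_flat_yaml(text):
    """Minimal parser: flat `key: value` lines, quoted scalars, inline lists."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value.startswith("["):
            settings[key.strip()] = re.findall(r"[\"']([^\"']+)[\"']", value)
        else:
            settings[key.strip()] = value.strip("\"'")
    return settings

def audit_monitoring_settings(settings):
    """Return (code, detail) findings for the settings named in steps 1-4."""
    findings = []
    if str(settings.get("monitoring.ui.enabled", "true")).lower() != "true":
        findings.append(("UI_DISABLED", "monitoring.ui.enabled is not true"))
    prefix = "monitoring.ui.elasticsearch."
    separate = (prefix + "hosts") in settings  # a dedicated monitoring cluster is configured
    hosts = settings.get(prefix + "hosts", settings.get("elasticsearch.hosts", []))
    if isinstance(hosts, str):
        hosts = [hosts]
    for host in hosts:
        if not host.lower().startswith("https://"):
            findings.append(("NO_TLS", f"{host} is reached without TLS"))
    for name in ("username", "password"):
        # Step 3.2: an omitted setting falls back to elasticsearch.<name>.
        if separate and prefix + name not in settings:
            findings.append(("FALLBACK", f"{prefix}{name} unset; elasticsearch.{name} is used"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_monitoring_settings(parse_flat_yaml(SAMPLE_KIBANA_YML)):
        print(f"{code}: {detail}")
```

A FALLBACK finding means the production cluster's Kibana credentials are the ones presented to the monitoring cluster, so they must be valid there.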

View monitoring data in Kibana

  1. Open the Kibana monitoring instance in your web browser.

    By default, if you are running Kibana locally, go to http://localhost:5601/.

    If the Elastic security features are enabled, log in.

  2. Go to the Stack Monitoring page using the global search field.

    If data collection is disabled, you are prompted to turn on data collection. If Elasticsearch security features are enabled, you must have manage cluster privileges to turn on data collection.

Note

If you are using a separate monitoring cluster, you do not need to turn on data collection. The dashboards appear when there is data in the monitoring cluster.

  1. Log in to Elastic Cloud Console (ECH) or the Cloud UI (ECE).

  2. On the Deployments page, select your deployment.

    Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.

  3. From your deployment menu, go to the Logs and Metrics page.

  4. Select the corresponding View button to check the logs or metrics data.

Alternatively, you can access logs and metrics directly on the Kibana Logs and Stack Monitoring pages in the target monitoring deployment.

On the Stack Monitoring page, you’ll see cluster alerts that require your attention and a summary of the available monitoring metrics for Elasticsearch, Logstash, Kibana, and Beats. To view additional information, click the Overview, Nodes, Indices, or Instances links. For more information about these metrics, refer to Visualizing monitoring data. For information about configuring alerts for these metrics, refer to Stack monitoring alerts.

If you encounter problems, see Troubleshooting monitoring.

Tip

If you're using Elastic Cloud Hosted or Elastic Cloud Enterprise, then you can also get a direct link to the relevant Stack Monitoring page from the Deployments > Logs and metrics page. Learn more.