<h1 id="kibana">Kibana<a aria-hidden="true" class="anchor-heading icon-link" href="#kibana"></a></h1>
<p>Kibana is a data visualisation tool that provides charts and graphs for data visualisation. It also provides functionality for managing the broader Elastic stack.</p>
<h1 id="concepts">Concepts<a aria-hidden="true" class="anchor-heading icon-link" href="#concepts"></a></h1>
<ul>
<li><strong>Index Patterns</strong> select data and properties to be used from a given Elasticsearch index.</li>
<li><strong>Panels</strong> are individual visualisations built on data in an Index Pattern.</li>
<li><strong>Dashboards</strong> allow visualising data with sets of Panels.</li>
<li><strong>Timelion</strong> syntax is designed for advanced visualisations and offers a quicker build/test cycle vs using the graphical interface.</li>
<li><strong>Alerts</strong> allow declaration of alarms based on metrics exceeding defined thresholds. These can be sent to connectors such as chat or incident management systems.</li>
</ul>
<h1 id="installation">Installation<a aria-hidden="true" class="anchor-heading icon-link" href="#installation"></a></h1>
<p>The Kibana configuration file is usually located at <code>/etc/kibana/kibana.yml</code>.</p>
<h1 id="querying">Querying<a aria-hidden="true" class="anchor-heading icon-link" href="#querying"></a></h1>
<p>Kibana can be queried using two different syntaxes:</p>
<ul>
<li>The original <strong>Lucene</strong> query syntax.</li>
<li><strong><abbr title="Kibana Query Language">KQL</abbr></strong> is the preferred interface.</li>
</ul>
<p>The two syntaxes are fairly similar, but:</p>
<ul>
<li>Only <abbr title="Kibana Query Language">KQL</abbr> gets suggestions as you type.</li>
<li><abbr title="Kibana Query Language">KQL</abbr> uses <code>size:>=42</code> for greater and less than queries vs Lucene's <code>size:[42 TO *]</code>.</li>
<li><abbr title="Kibana Query Language">KQL</abbr> doesn't support ranges, which can be expressed in Lucene as <code>size:[42 TO 113]</code>.</li>
<li>Field presence is tested in <abbr title="Kibana Query Language">KQL</abbr> using <code>field:*</code> and <code>_exists_:field</code> in Lucene.</li>
<li>Lucene allows regular expressions and fuzzy matching.</li>
</ul>
<p>The syntax is <code>field:value</code> for equality.</p>

Kibana


![Digital brain](assets/images/logo.svg){display: block, margin: 0 auto, max-height: 50vh}

Hi, I'm Luke 👋

I'm a software engineer turned site reliability engineer. I'm currently big on knowledge management and learning.

# Find me elsewhere

- [👨‍💻 DEV](https://dev.to/lukecarrier)
- [🚢 GitHub](https://github.com/LukeCarrier)
- [👔 LinkedIn](https://www.linkedin.com/in/lukecarrier/)
- [📄 Résumé](https://github.com/LukeCarrier/resume)
