Kibana

Kibana installation and configuration.

Installation

Download and install the Elastic public signing key :

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create a new yum repo file and add the following lines :

sudo vi /etc/yum.repos.d/elastic.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install Kibana:

sudo yum install kibana

Enable and start Kibana:

sudo systemctl enable kibana
sudo systemctl start kibana

Configuration

Basic configuration is not suitable for production environment. In production authentication, encryption and tuning are required for Kibana nodes.

Basic configuration

Modify the Kibana configuration file and set the following parameters with your values:

sudo vi /etc/kibana/kibana.yml
# Set server port
server.port: 5601
# Set server IP of Hostname
server.host: $your_host_IP_name
# Set server name
server.name: "Nybble Analytics"
# Set URL of Elasticsearch instances to query
elasticsearch.hosts: ["http://$Your_ES_instance:9200"]
# Set Elasticsearch request timeout
elasticsearch.requestTimeout: 300000 #Can be necessary if resources are limited on server

Security configuration

TLS between Elasticsearch and Kibana

To configure TLS between Elasticsearch and Kibana, TLS for HTTP layer need to be configure at Elasticsearch level. TLS for HTTP layer configuration steps can be found in Elasticsearch configuration guide.

Reuse the truststore created during Elasticsearch or Kafka secured configuration steps.

Copy the truststore (local or SFTP) in the Kibana configuration folder and set kibana service account as owner:

sudo cp nybble.truststore.jks /etc/kibana/
sudo chown kibana:kibana /etc/kibana/nybble.truststore.jks

Modify the Kibana configuration file and set the following parameters with your values:

sudo vi /etc/kibana/kibana.yml
# Set server port
server.port: 5601
# Set server IP of Hostname
server.host: $your_host_FQDN
# Set server name
server.name: "Nybble Analytics"

Set Elasticsearch instances URL to use HTTPS:

# Set Elasticsearch instances URL with HTTPS.
elasticsearch.hosts: ["https://$your_ES_Node_FQDN:9200"]

Hostname specified in "elasticsearch.hosts" section need to match the FQDN used during the certificate creation in Elasticsearch configuration section.

If you want to disable hostname verification during the certificate validation, add/uncomment the following line:

# Ignore hostname verification during certificate validation.
elasticsearch.ssl.verificationMode: certificate

Set truststore path that will be used for SSL between Elasticsearch and Kibana:

# Specify JKS Truststore path for SSL between Elasticsearch and Kibana.
elasticsearch.ssl.truststore.path: /etc/kibana/nybble.truststore.jks

If truststore is encrypted, set the truststore password for decryption:

# If JKS file is encrypted, specify decryption password.
elasticsearch.ssl.truststore.password: $your_truststore_pwd

HTTPS for Kibana access

If you followed the instruction for Kafka SSL configuration, you can reuse the CA certificate, else you can follow the "Root CA" steps in Kafka section.

Create a keystore file for each Kibana node:

sudo keytool -keystore kibana.keystore.jks -alias localhost -validity 3650 -genkey -keyalg RSA -ext SAN=DNS:kibana.nybble.local

Use your own node FQDN for the Subject Alternative Name (SAN).

Use your own node FQDN for response to "What is your first and last name?" prompt.

Keystore password will be used in Kibana configuration.

Export the Kibana node's certificate to signed it with the root CA:

sudo keytool -keystore kibana.keystore.jks -alias localhost -certreq -file kibana.unsigned.crt

Sign the Kibana node's certificate with the Root CA:

sudo openssl x509 -req -CA nybble-ca.crt -CAkey nybble-root.key -in kibana.unsigned.crt -out kibana.signed.crt -days 3650 -CAcreateserial

Import the Root CA certificate in the Kibana node's keystore:

sudo keytool -keystore kibana.keystore.jks -alias CARoot -import -file nybble-ca.crt

Import the signed Kibana node's certificate in the Kibana node's keystore:

sudo keytool -keystore kibana.keystore.jks -alias localhost -import -file kibana.signed.crt

Copy the keystore (local or SFTP) in the Kibana configuration folder and set kibana service account as owner:

sudo cp kibana.keystore.jks /etc/kibana/
sudo chown kibana:kibana /etc/kibana/kibana.keystore.jks

Edit Kibana configuration and add/modify following lines with your values:

Change "server.host" value to match the FQDN used during certificate creation in the previous steps.

# Set server IP or Hostname to listen on. Need to match the FQDN used during certificate creation.
server.host: "kibana.nybble.local"
# Enable SSL for inbound connection
server.ssl.enabled: true
# Set keystore path for HTTPS inbound connection
server.ssl.keystore.path: /etc/kibana/kibana.keystore.jks
# If JKS file is encrypted, specify decryption password.
server.ssl.keystore.password: $your_keystore_pwd

Authentication configuration

Authentication need to be configured at Elasticsearch level. Authentication configuration steps can be found in Elasticsearch configuration section.

Use "kibana" built-in user for authentication between Elasticsearch and Kibana (Built-in users password modification steps):

# Set authentication with 'kibana' built-in user.
elasticsearch.username: "kibana"
elasticsearch.password: $kibana_user_password

Restart Kibana to apply the security parameters:

sudo systemctl restart kibana