All Products
Search
Document Center

Elasticsearch:Log on to the Kibana console

Last Updated:May 04, 2023

You can perform operations such as data queries and data visualization in the Kibana console. This topic describes how to log on to the Kibana console.

Background information

The Kibana console provided by Alibaba Cloud Elasticsearch allows you to expand your business. The Kibana console is seamlessly integrated into Elasticsearch. You can use the Kibana console to view the status of your Elasticsearch cluster in real time and manage the cluster.

Prerequisites

  • An Alibaba Cloud Elasticsearch cluster is created.

    For more information, see Create an Alibaba Cloud Elasticsearch cluster.

    Important

    When you create an Alibaba Cloud Elasticsearch cluster, the value of the Kibana Node parameter is fixed as Yes. Due to the impact on performance and stability, we recommend that you select the specifications of 2 vCPUs and 4 GiB of memory or higher for the Kibana node. The Kibana node with one vCPU and 2 GiB of memory is free of charge. However, we recommend that you use the Kibana node with one vCPU and 2 GiB of memory only for testing purposes.

  • The Public Network Access or Private Network Access feature is enabled for the Kibana console. By default, the Public Network Access feature is enabled.

    For more information, see Configure a public or private IP address whitelist for Kibana.

  • The language of the Kibana console is English. The default language is English. If the language is not English, change the language.

    For more information, see Configure the language of the Kibana console.

Architecture description

Alibaba Cloud Elasticsearch provides a new control architecture, which is the cloud-native control architecture, for some clusters of higher versions. The operations that are performed to log on to the Kibana console of a cluster deployed based on the cloud-native control architecture differ from the operations that are performed to log on to the Kibana console of a cluster deployed based on the original control architecture. You can perform the following steps to determine the control architecture of a cluster:

  1. Log on to the Alibaba Cloud Elasticsearch console.
  2. In the left-side navigation pane, click Elasticsearch Clusters.
  3. Navigate to the desired cluster.
    1. In the top navigation bar, select the resource group to which the cluster belongs and the region where the cluster resides.
    2. On the Elasticsearch Clusters page, find the cluster and click its ID.
  4. In the left-side navigation pane of the page that appears, click Data Visualization.

  5. In the Kibana section of the page that appears, click Edit Configuration.

  6. On the Kibana Configuration page, determine the control architecture of the cluster based on the value of Public Network Port.

    • If the value of Public Network Port is 5601, the original control architecture is used for the cluster. For more information about how to log on to the Kibana console of the cluster, see Procedure (original control architecture).

    • If the value of Public Network Port is 443, the cloud-native control architecture is used for the cluster. For more information about how to log on to the Kibana console of the cluster, see Procedure (cloud-native control architecture).

Procedure (original control architecture)

  1. Log on to the Alibaba Cloud Elasticsearch console.
  2. In the left-side navigation pane, click Elasticsearch Clusters.
  3. Navigate to the desired cluster.
    1. In the top navigation bar, select the resource group to which the cluster belongs and the region where the cluster resides.
    2. On the Elasticsearch Clusters page, find the cluster and click its ID.
  4. In the left-side navigation pane of the page that appears, click Data Visualization.

  5. In the Kibana section, click Access over Internal Network or Access over Internet.

    • Access over Internal Network: The Access over Internal Network entry is displayed only after you enable the Private Network Access feature for the Kibana console. This feature is disabled by default. For more information, see Configure a public or private IP address whitelist for Kibana.

      Note

      You can enable Private Network Access only if port 5601 is used for access to Kibana over the Internet. You can go to the console to check whether you can enable Private Network Access.

    • Access over Internet: The Access over Internet entry is displayed only after you enable the Public Network Access feature for the Kibana console. This feature is enabled by default. For more information, see Configure a public or private IP address whitelist for Kibana.

      Note
      • If this is the first time you are logging on to the Kibana console from the Access over Internet entry, and you have not modified the access configuration, the system prompts you to modify the configuration. In the Note message, click Edit Configuration. The Modify Public Network Whitelist panel appears. In this panel, add the IP address of your client to the whitelist. For more information, see Configure a public or private IP address whitelist for Kibana. After you modify the configuration, go back to the Data Visualization page and click Access over Internet again. Then, the Kibana logon page appears.

      • If your client is in a home network or in a LAN of an office, you must add the IP address of the Internet egress to the whitelist rather than the private IP address of the client. We recommend that you visit https://myip.ipip.net to query the IP address of the Internet egress. You can also specify 0.0.0.0/0 as the whitelist. If you make this configuration, all public IPv4 addresses can be used to access the Kibana console. This poses security risks. You must evaluate the risks before you make this configuration.

  6. On the Kibana logon page, enter the username and password and click Log in.

    After you log on to the Kibana console, you can perform the desired operations. For example, you can query data or create dashboards to present data. For more information, see Kibana Guide.

Procedure (cloud-native control architecture)

Alibaba Cloud Elasticsearch provides a new control architecture, which is the cloud-native control architecture, for some clusters of higher versions. In this architecture, only port 443 can be used to access the Kibana console over the Internet. To ensure the security of access to the Kibana console in the cloud-native control architecture, you can access the Kibana console only by performing the following operations. You cannot call the related API to access the Kibana console.

Note
  • When you use the domain name of Kibana to access the Kibana console through the browser, you must log on to your Alibaba Cloud account.

  • Before you log on to the Kibana console of an Elasticsearch cluster as a RAM user, you must attach the system policy AliyunElasticsearchReadOnlyAccess to the RAM user. For more information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.

  1. Log on to the Alibaba Cloud Elasticsearch console.
  2. In the left-side navigation pane, click Elasticsearch Clusters.
  3. Navigate to the desired cluster.
    1. In the top navigation bar, select the resource group to which the cluster belongs and the region where the cluster resides.
    2. On the Elasticsearch Clusters page, find the cluster and click its ID.
  4. In the left-side navigation pane of the page that appears, click Data Visualization.

  5. In the Kibana section of the page that appears, click Access over Internet.

    The Access over Internet entry is displayed only after you enable the Public Network Access feature for the Kibana console. This feature is enabled by default. For more information, see Configure a public or private IP address whitelist for Kibana.

    Note
    • If port 443 is used for access to Kibana over the Internet, you cannot enable Private Network Access.

    • If this is the first time you are logging on to the Kibana console from the Access over Internet entry, and you have not modified the access configuration, the system prompts you to modify the configuration. In the Note message, click Edit Configuration. The Modify Public Network Whitelist panel appears. In this panel, add the IP address of your client to the whitelist. For more information, see Configure a public or private IP address whitelist for Kibana. After you modify the configuration, go back to the Data Visualization page and click Access over Internet again. Then, the Kibana logon page appears.

    • If your client is in a home network or in a LAN of an office, you must add the IP address of the Internet egress to the whitelist rather than the private IP address of the client. We recommend that you visit https://myip.ipip.net to query the IP address of the Internet egress. You can also specify 0.0.0.0/0 as the whitelist. If you make this configuration, all public IPv4 addresses can be used to access the Kibana console. This poses security risks. You must evaluate the risks before you make this configuration.

  6. On the Kibana logon page, enter the username and password and click Log in.

    After you log on to the Kibana console, you can perform the desired operations. For example, you can query data or create dashboards to present data. For more information, see Kibana Guide.

FAQ