Elastics node.js web frontend in the stack, and (by default) runs on port 5601. It’s wise to install Kibana on its own infrastructure (i.e. isolated from the Elasticsearch cluster). The node process is light (compared to the JVM anyway) consuming hundreds of MB.


Package (yum or deb)

While available as a tarball, the nicest option is to go with a package, takes care of plumbing such as systemd, and general system integration such as /etc/kibana for configuration, logs and data files.

# dpkg -i kibana-6.5.4-amd64.deb

The distribution will be installed in /usr/share/kibana


Elastic generally provides a separate binary to ease bolting on plugins.

cd /usr/share/kibana
./kibana-plugin install x-pack

A separate install is no longer necessary as of 6.5+, which by default is bundled. The X-Pack provides some really cool functionality:

  • machine learning
  • devtools (console, search and grok profilers)
  • monitoring, of the stack, including elasticsearch, kibana, logstash etc. Very powerful, especially for keeping an eye on the health of elasticsearch search and indexing latency, or JVM performance.


Jump into /etc/kibana/kibana.yml. By default nothing is defined in this file. Properties to set:

  • make sure you set this (e.g. to for remote access
  • elasticsearch.url such as http://localhost:9200
  • server.port


List processes:

$ ps -aux | grep kibana
kibana    4955 53.2  9.6 1512112 389140 ?      Ssl  18:38   0:19 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml

Can see the node.js process. Dump ports:

$ netstat -tupln | grep node
tcp        0      0*               LISTEN      4955/node

Index Patterns

Kibana will only work with indices that you tell it to. This is managed by creating index patterns. As of Kibana 6.5, go to Management > Index Patterns (under the Kibana section).