31 January 2014

Centralizing and analyzing Postfix logs in realtime with fluentd, td-agent, Elasticsearch and Kibana - part 4

<< Back to part 3 <<

4. Configure Kibana to show Postfix log events

So far so good: from the previous posts we already have the event logs stored in Elasticsearch, and now we need Kibana to display interesting dashboards.

Kibana is a great tool which connects directly to Elasticsearch. It is built entirely from HTML, JavaScript and CSS, without any server-side scripting, so Kibana runs directly in your browser and it is the browser itself that connects to Elasticsearch on port tcp:9200.

To serve Kibana we can use any common HTTP server like Nginx or Apache.

Download https://download.elasticsearch.org/kibana/kibana/kibana-3.0.0milestone4.tar.gz and extract Kibana into a folder such as /var/www/html/kibana/.

Point the config to the Elasticsearch server (here the same host): # vim /var/www/html/kibana/config.js

elasticsearch: "http://10.90.7.195:9200/",

Make sure the browser can connect to 10.90.7.195:9200 (tcp); turn off any firewall in between, or at least let that port through.

Point the browser to http://10.90.7.195/kibana/, then select the Logstash dashboard. Change the index pattern to [postfix_mail-]YYYY.MM.DD :


Try discovering Kibana by yourself; it is a really good experience. There are lots of panel types; the most commonly used are: histogram (a graph updating in realtime based on the @timestamp field), Hits, Table and Terms (similar to an SQL group-by count).
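As an added example (not code from the original post or from Kibana itself), the Python below mimics two things Kibana 3 does behind the scenes for this setup: it expands the [postfix_mail-]YYYY.MM.DD index pattern into the per-day index names queried for a given time range, and it computes what a Terms panel shows (the group-by count) over a few constructed postfix records. The record field names (host, process) are assumptions, since the fluentd field layout from the earlier parts is not shown on this page.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Kibana 3 index pattern: text inside [brackets] is literal, the rest is a
# moment.js-style date format. Kibana expands it to one index per time unit in
# the selected range and queries all of them (the post uses day granularity).
_TOKENS = {"YYYY": "%Y", "MM": "%m", "DD": "%d", "HH": "%H"}

def pattern_to_strftime(pattern):
    """Turn '[postfix_mail-]YYYY.MM.DD' into the strftime format 'postfix_mail-%Y.%m.%d'."""
    out = []
    for literal, fmt in re.findall(r"\[([^\]]*)\]|([^\[]+)", pattern):
        if literal:
            out.append(literal.replace("%", "%%"))  # keep literal text verbatim
        else:
            for token, spec in _TOKENS.items():
                fmt = fmt.replace(token, spec)
            out.append(fmt)
    return "".join(out)

def expand_indices(pattern, start_iso, end_iso, step=timedelta(days=1)):
    """Distinct index names covering [start, end] (ISO-8601 strings), oldest first."""
    fmt = pattern_to_strftime(pattern)
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    names, t = [], start
    while t <= end:
        if t.strftime(fmt) not in names:
            names.append(t.strftime(fmt))
        t += step
    if end.strftime(fmt) not in names:  # the index holding `end` itself
        names.append(end.strftime(fmt))
    return names

def terms_panel(events, field, size=10):
    """What a Terms panel shows: the top `size` values of `field` with their counts,
    i.e. SELECT field, COUNT(*) ... GROUP BY field ORDER BY count DESC LIMIT size."""
    return Counter(e[field] for e in events if field in e).most_common(size)

# Constructed sample records, shaped like the postfix events td-agent ships to
# Elasticsearch; the field names are assumptions, not taken from the series.
SAMPLE_EVENTS = [
    {"@timestamp": "2014-01-31T08:00:01", "host": "mx1", "process": "postfix/smtpd"},
    {"@timestamp": "2014-01-31T08:00:02", "host": "mx1", "process": "postfix/cleanup"},
    {"@timestamp": "2014-01-31T08:00:02", "host": "mx1", "process": "postfix/qmgr"},
    {"@timestamp": "2014-01-31T08:00:05", "host": "mx2", "process": "postfix/smtpd"},
    {"@timestamp": "2014-01-31T08:00:07", "host": "mx2", "process": "postfix/qmgr"},
    {"@timestamp": "2014-01-31T08:00:09", "host": "mx2", "process": "postfix/smtpd"},
]
```

Running expand_indices("[postfix_mail-]YYYY.MM.DD", "2014-01-29T10:00", "2014-01-31T09:00") lists the three daily indices Kibana would hit for that range, which is also a quick way to confirm that td-agent is writing to index names the dashboard pattern actually matches.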

In the end, we should have a dashboard like this :