designetwork(EN)

IT technical memo of networking

Kibana5 export search result of Discover tab to CSV

f:id:daichi703n:20170327005406p:plain

One of the functions that is hardly implemented while being requested by Kibana is export from the Discover screen. Github also has long been requested as an issue.

github.com

Among them, there are some people who provide function implementation version as follows.

If you are adventurous enough, you can implement it yourselves. It is fairly simple. For example this commit for version 5.1. Build instructions here.

Here is the screenshot:

f:id:daichi703n:20170326234449p:plain

In this time I built a feature addition version of Kibana and checked the operation. Also, since it created a Docker container so that it can be introduced more easily, it is made public.

Prerequisites

Prerequisites and knowledge of this article are as follows.

  • Installing and using Elasticsearch.
  • Knows how to change the setting in Kibana.
  • Available to use Docker.

By the way, I understand that although the history of Docker is very shallow, it does not reach many points. In addition, since Kibana 5.2.3 is used in this article, it is necessary to adjust the version of Elasticsearch as well.

Build with the noted procedure

Install and set up the export function additional version of Kibana in the procedure you are making public.

github.com

I had some problems but I managed to build it.

  • Although not described in the explanation, git clone https://github.com/tongwang/kibana.git
  • If nvm install "$(cat .node-version)" returns does not exist, ~/.nvm/nvm.sh install "$(cat .node-version)"

Start Kibana

Kibana’s setting file is /etc/kibana/config/kibana.yml. Set the server.port, server.host, server.name, elasticsearch.url, (uncomment out kibana.index?).

The method of starting kibana is as follows.

cd /etc/kibana (when cloned kibana into /etc/)
npm start

At this time there was a case that Proxy could not access because of how. If server.host: 0.0.0.0 was specified in kibana.yml, it was redirected to 0.0.0.0. You can now access it by excluding --dev from the startup options.

vi /etc/kibana/package.json

-  "start": "sh ./bin/kibana --dev",
+  "start": "sh ./bin/kibana",

By accessing the designated port by npm start after various settings, you can access Kibana with export function. As you can see again, a screen with export is displayed like this.

f:id:daichi703n:20170327001735p:plain

Try exporting

I tried exporting at once, but I can download CSV file but it is not output …

f:id:daichi703n:20170327001920p:plain

When I tried variously, it is useless in a simple Discover state, it seems that it will not be exported unless index is added in the left pane. It suffices if the column is displayed as shown in the next screen.

f:id:daichi703n:20170327002624p:plain

I could export as follows.

f:id:daichi703n:20170327002710p:plain

Easy to introduce with the Docker container

To be honest, git clone, build, and introduction hurdles are somewhat expensive (myself was inexperienced and difficult). Also, in the Proxy environment, since communication of Git (Port 9418) occurs, communication can not be made depending on the setting of the Proxy server, and the build can not be completed.

For ease of introduction, I created a pre-built Docker container. However, this is the first time for my own container push to Dockerhub, so I can not optimize it at all. Capacity is also big, but please understand. (About 3 GB)

https://hub.docker.com/r/daichi703n/kibana-exp-52/

How to install

The introduction procedure is as follows. Like the official, I would like to be able to specify Elasticsearch’s path with the start option, but it is not implemented. Please edit the setting file.

docker pull daichi703n/kibana-exp-52
docker images
// check daichi703n/kibana-exp-52 is exist

docker run -d -p 5605:5601 --name some-kibana daichi703n/kibana-exp-52 /sbin/init
docker ps -a
// CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS              PORTS                    NAMES
// 2098d63548c3        daichi703n/kibana-exp-52   "/sbin/init"        3 minutes ago       Up 3 minutes        0.0.0.0:5605->5601/tcp   some-kibana

docker exec -it some-kibana /bin/bash  // logging into docker container
cd /etc/kibana/
vi ./config/kibana.yml  //adjust on your environment
npm start  // OK if displayed like below

> kibana@5.2.3 start /etc/kibana
> sh ./bin/kibana

  log   [15:41:48.351] [info][status][plugin:kibana@5.2.3] Status changed from uninitialized to green - Ready
  log   [15:41:48.424] [info][status][plugin:elasticsearch@5.2.3] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [15:41:48.457] [info][status][plugin:console@5.2.3] Status changed from uninitialized to green - Ready
  log   [15:41:48.494] [warning] You're running Kibana 5.2.3 with some different versions of Elasticsearch. Update Kibana or Elasticsearch to the same version to prevent compatibility issues: v5.2.2 @ 192.168.1.81:9200 (192.168.1.81)
  log   [15:41:49.815] [info][status][plugin:timelion@5.2.3] Status changed from uninitialized to green - Ready
  log   [15:41:49.823] [info][status][plugin:elasticsearch@5.2.3] Status changed from yellow to green - Kibana index ready
  log   [15:41:49.824] [info][listening] Server running at http://0.0.0.0:5601
  log   [15:41:49.825] [info][status][ui settings] Status changed from uninitialized to green - Ready

You can use it by accessing http://<server IP>:<Kibana forwarding port>. The port number can be changed with the -p parameter at container startup.

Conclusion - Kibana5 export search result of Discover tab to CSV

I introduced Kibana with the export function and confirmed that it can export CSV from Discover. Also, because I created a pre-built Docker container, it can be introduced easily.


This Blog is English Version of my JP's.

Sorry if my English sentences are incorrect.

designetwork