Kibana

Kibana is a data visualization and analytics application for Elasticsearch that provides dashboards, search, and observability interfaces for log, metrics, security, and application data (data analytics / observability).

  • Interactive dashboards and visualizations for Elasticsearch data, including time series, charts, maps, and custom views (data analytics / observability).
  • Log, metrics, and Application Performance Management (APM) user interfaces for exploring operational and application performance data in the Elastic Stack (observability / application performance monitoring).
  • Security analytics, detections, and investigation interfaces as part of Elastic Security for threat hunting and alert triage (security operations / Security Information and Event Management (SIEM)).
  • Built-in search, filtering, and query tooling over Elasticsearch indices, including text search and structured queries (enterprise search / data exploration).
  • Management and administration consoles for Elastic Stack features such as index management, data views, Machine Learning (ML) jobs, and alerting rules (platform management / operations).

More About Kibana

Kibana is the visualization and user interface layer for the Elastic Stack (observability / data analytics), designed to work with Elasticsearch as its underlying data store. It addresses use cases where enterprises need to explore, visualize, and act on operational, security, and business data indexed into Elasticsearch. Kibana provides web-based dashboards and applications that allow users to search and analyze data without writing custom front-end code.

The core purpose of Kibana is to provide dashboards, visualizations, and exploratory tools over Elasticsearch indices (data analytics). Users can build charts, tables, maps, and time series views using data from logs, metrics, traces, and business events. Kibana supports interactive filtering, drill-down navigation, and saved searches, which helps teams inspect patterns, anomalies, and relationships in large datasets ingested into Elasticsearch.

Within observability, Kibana includes interfaces for logs, metrics, and application performance monitoring. The Logs and Metrics applications offer views tailored for infrastructure and platform monitoring, while APM views allow inspection of distributed traces, service performance, and transaction details. These capabilities rely on Elasticsearch indices populated by Elastic Agents and other data shippers, giving operations teams a central console for system and application telemetry.

In the security domain (security operations / SIEM), Kibana is the front end for Elastic Security. It provides detection rules management, alert triage, case management, investigation timelines, and threat hunting workspaces using security event and endpoint data stored in Elasticsearch. Analysts can pivot across events, hosts, and network data, using Kibana’s search and visualization capabilities to examine potential threats.

Kibana also exposes platform-level functions of the Elastic Stack (platform management). This includes index and data view configuration, Stack management, Spaces and Role-Based Access Control (RBAC) integration, alerting and detection rule configuration, and ML job management where Elastic ML features are licensed. These tools help administrators configure data ingestion, lifecycle policies, and user access across environments.

From an architectural perspective, Kibana is a web application that connects to one or more Elasticsearch clusters over HTTP(S) (web / Representational State Transfer (REST)). It consumes Elasticsearch APIs for query, aggregation, security, and management functions and presents them through domain-focused applications. Kibana supports extensibility through plugins and integrations, enabling organizations to add custom UI components, connectors, and visualizations that operate on Elasticsearch data.

Enterprises deploy Kibana alongside Elasticsearch in on-premises (on-prem), cloud, or Elastic Cloud environments (enterprise platforms). Typical use includes centralized observability for microservices, infrastructure monitoring, security event analysis, and business analytics on operational data. In a technical directory, Kibana fits into categories such as observability platforms, SIEM front ends, Elasticsearch visualization layers, and analytics dashboards for search-based data platforms.