5 reasons that will make you use Kibana

Many companies use a tool like Kibana to collect and analyze logs. The problem is that the tool is rarely, if ever, actually used. Why does this happen? People are used to analyzing logs directly on the instance, reading them from the original source, so to speak. This is by far the best way. And few people like to change their habits, because doing so means leaving the comfort zone, and not everyone is always ready for that.

Log reading cases

But there are situations in which there is no way to go directly to the instance. For example, we need to analyze an incident that happened in production, and we do not have access to that environment for well-known reasons. Another situation is when the service runs on the Windows operating system and three or more employees need access at the same time. As we all know, Windows allows no more than two people to work at the same time when logging in via RDP (Remote Desktop Protocol). To give a larger number of employees simultaneous RDP access, a license has to be bought, and not every company is ready to do this.

ELK stack

This brings us back to our wonderful Kibana tool. Kibana is part of the ELK stack, which also includes Elasticsearch and Logstash. Kibana is used not only for visualizing data in various formats, but also for quickly searching and analyzing logs. Today we will talk about how comfortable it is to switch to this tool and what hidden features it offers for that.

Ways and life hacks

To begin with, you can enter an operation number in the Search field and select the period of time you want to search. The result is a timeline showing the number of hits for that operation number.

You can also build complex search queries. There is a special query language called KQL (Kibana Query Language). With this language, you can create multi-level queries that filter out exactly the information you want. For example, you can select the test environment and specify a particular name. If you need to find a phrase, double quotes come to our aid: when two or more words are enclosed in double quotes, the entire phrase is searched for.
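The difference the double quotes make, modelled in Python as an added example (not code from the article or from Elastic): an unquoted multi-word query is treated as separate terms, any of which may match, while a quoted query must match as an adjacent, ordered phrase. The log lines, the `message` field named in the comments, and the simplified tokenizer are assumptions made for illustration.

```python
import re

# Constructed sample log messages (not taken from the article).
LOGS = [
    "2024-05-01 10:00:01 ERROR login failed for user alice",
    "2024-05-01 10:00:02 INFO login succeeded for user bob",
    "2024-05-01 10:00:03 ERROR payment failed: card declined",
    "2024-05-01 10:00:04 WARN failed login attempt from 10.0.0.5",
]


def tokens(text):
    """Lowercase and split on non-alphanumerics (simplified text analyzer)."""
    return re.findall(r"[a-z0-9]+", text.lower())


def match_unquoted(query, logs):
    """Model of `message : login failed`: a hit needs ANY one of the words."""
    wanted = set(tokens(query))
    return [line for line in logs if wanted & set(tokens(line))]


def match_phrase(query, logs):
    """Model of `message : "login failed"`: words adjacent and in order."""
    q = tokens(query)
    if not q:
        return []
    hits = []
    for line in logs:
        t = tokens(line)
        # Slide a window of len(q) tokens over the line and compare.
        if any(t[i:i + len(q)] == q for i in range(len(t) - len(q) + 1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for name, fn in (("unquoted", match_unquoted), ("phrase", match_phrase)):
        hits = fn("login failed", LOGS)
        print(f"{name}: {len(hits)} hit(s)")
        for line in hits:
            print("   ", line)
```

The phrase query misses the reworded line `failed login attempt`, so an investigation that relies on one exact phrase can undercount events.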

More information on composing complex queries can be found on the official Elastic website. For those who are used to studying logs in chronological order, Kibana offers that option too. When we find a specific error in our log, we would like to see what happened before and after it. To do this, click on the log fragment you found and then click View. A list of logs will open in which your search hit is highlighted in gray.

Several log lines that preceded our error are loaded and shown below it, and a few lines that came after our error are shown above it. In Kibana, logs are read from bottom to top, unlike logs on the instance, which run from top to bottom. By default, 5 lines are loaded before and 5 after, but you can change this value and then click the Load button. The specified number of log lines will then be loaded above our error. The same can be done for the preceding logs.

The default value of 5 can be changed in the system settings by going to Stack Management > Advanced Settings.

Conclusion

In this article, I did not intend to teach you how to use the Kibana tool. There are plenty of detailed articles and videos about this on the Internet, and plenty of information on the official Elastic website. I wanted to show how comfortably and effortlessly you can start using a different way of reading logs. At the same time, it solves several problems at once, from leaving the comfort zone to running the most complex queries and getting results quickly.
