Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A log analyzing web interface for logstash and elasticsearch. More info at http://www.kibana.org

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bootstrap
css
images
js
utilities
LICENSE
README
config.php
favicon.ico
index.php
loader2.php
stream.html

README

Kibana - A web based log analysis tool
Copyright 2011 Rashid Khan <flipwork #logstash irc.freenode.net>

Installation
------------
This assumes you already have a functioning logstash/elasticsearch
infrastructure, perhaps with some filters to define fields. Config
of logstash and/or elasticsearch is outside of the scope of this file

Requirements:
elasticsearch >= 0.18.0
php >= 5.2
php5-curl

Other than that, it works just like any other PHP application. Untar 
and go at it. 

Edit config.php to set your elasticsearch server. 

Notes
-----
Q: Why is there no last button?
A: ElasticSearch isn't so hot at going to the last result of a many
million result query. 

Q: Why is this in PHP instead of Java, Ruby, etc?
A: Because PHP is what I know. The total PHP is less than 200 lines.
If you want it in something else, it shouldn't be too hard to port
it to your language of choice

Q: Why do I have to set a limit on events to analyze
A: Big result sets take a long time to retrieve from elasticsearch
and parse out

Q: Well then why don't you use the Elastic Search terms facet?
A: I've found the terms facet to cause out of memory crashes with
large result sets. I don't know a way to limit the amount of memory a
facet may use. Until there's a way to run a facet and know for sure it 
won't crash Elastic Search, I'm going to keep analysis features implemented 
in PHP. I'm open to other suggestions though.

Q: Where can I get some help with this?
A: Find me on Freenode - flipwork in #logstash
Something went wrong with that request. Please try again.