Around four years ago, I was working for one of the industry's big data vendors. In this role, I had the opportunity to work with a number of data-driven startups. These companies wanted to analyze massive amounts of data in real time and were fearless when it came to trying new technologies. It was with these startups that I began to hear whispers of this new hotness called Elasticsearch. After hearing about Elastic and how awesome it is from three different startups, I had to check it out to see what it's all about.
A few years passed, and I was still working with data, only this time in the cybersecurity space. It wasn't long before I started to hear that security users were adopting the Elastic Stack and how awesome it is for security investigations. Now, let's face it, you hardly ever see a nice UI in enterprise products. But when I went to the Elastic website, I found out there is now a spectacularly pretty UI, called Kibana, on top of Elasticsearch, and it's an easy way to create meaningful visualizations on top of complex data. After watching Kibana from the sidelines for the last two years, I'm super excited to join the team as a new Kibana product manager and share with you in this blog my three favorite features in Kibana 6.0!
1. Dashboard-Only Mode
Kibana allows you to build useful, insightful representations of your data that you may want to share far and wide! While that's true, you should be careful who has write access to the colorful dashboards you built. Until today, all Kibana users were created equal, which is a great concept until someone accidentally edits (or deletes) your dashboard. Using the Kibana Dashboard-Only Mode, you can give users who only need to explore the data a limited, read-only view without the ability to edit or delete anything, so viewers get exactly the access they need and nothing more.
2. View Surrounding Documents
For all of you investigating an incident, you know that you often narrow down to a suspicious log entry after using search and applying filters. But then you need to check the logs that came before and after the specific entry you spotted. With a click of a button you can now jump to View Surrounding Documents from Discover and see what came right before and after that event. It's a smooth, practical tool that is super useful when you are troubleshooting an out-of-memory issue or investigating a security incident.
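The surrounding-documents view boils down to two searches anchored on the selected hit: one walking backwards in time, one walking forwards. Below is an added Python sketch of that idea for readers who want to reproduce it against Elasticsearch directly; it is not Kibana's own code, it assumes a `search_after` query sorted on the time field plus a tiebreaker field, and the hits it runs over are constructed sample data.

```python
from typing import Any, Dict, List, Tuple

# Constructed sample hits in the shape Elasticsearch returns them: each hit
# carries the sort values (timestamp, tiebreaker) later fed to search_after.
ANCHOR = {"_id": "a3", "sort": [1509600003000, 3], "_source": {"msg": "sudo: auth failure"}}
BEFORE_HITS = [  # the "before" query sorts descending, so these arrive newest-first
    {"_id": "a2", "sort": [1509600002000, 2], "_source": {"msg": "session opened"}},
    {"_id": "a1", "sort": [1509600001000, 1], "_source": {"msg": "login ok"}},
]
AFTER_HITS = [   # the "after" query sorts ascending, so these arrive oldest-first
    {"_id": "a4", "sort": [1509600004000, 4], "_source": {"msg": "sudo: retry"}},
    {"_id": "a5", "sort": [1509600005000, 5], "_source": {"msg": "session closed"}},
]


def context_queries(anchor_sort: List[Any], size: int, time_field: str = "@timestamp",
                    tiebreaker: str = "_doc") -> Tuple[Dict, Dict]:
    """Build the two search bodies that fetch `size` documents on either side
    of the anchor. Sorting on the time field alone is not enough: several
    events can share a timestamp, so a second sort key (assumed here to be
    `_doc`; any field with a stable order works) keeps search_after from
    skipping or repeating documents around the anchor."""
    def body(order: str) -> Dict:
        return {
            "size": size,
            "query": {"match_all": {}},
            "sort": [{time_field: {"order": order}}, {tiebreaker: {"order": order}}],
            "search_after": anchor_sort,  # resume just past the anchor's sort values
        }
    return body("desc"), body("asc")


def assemble_context(before_hits: List[Dict], anchor: Dict, after_hits: List[Dict]) -> List[Dict]:
    """Return the window in chronological order. The 'before' page comes back
    newest-first, so it is reversed before the anchor is placed between the halves."""
    return list(reversed(before_hits)) + [anchor] + after_hits


def context_ids(before_hits=BEFORE_HITS, anchor=ANCHOR, after_hits=AFTER_HITS) -> List[str]:
    """Document ids of the assembled window, oldest to newest."""
    return [hit["_id"] for hit in assemble_context(before_hits, anchor, after_hits)]
```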
3. Export to CSV
I admit, I love spreadsheets. Whether it's to create a table, prioritize items, or just comment on stuff for myself, they are always helpful in getting me to align back to my priorities. So being able to export the Discover layout to CSV is a very familiar experience and a comfortable feeling for me! For those that use X-Pack alerting features, you can now also conditionally send or schedule CSV exports. Lastly, I will mention that export to CSV has been one of Kibana's most requested features on GitHub, so the celebration only gets bigger ;-)