Let's perform the following steps to connect to the Kibana dashboard:
- Confirm that the Kibana service has been created. By default, a ClusterIP service will be created:
$ kubectl get service mykibana-kb-http -n logging
- Before we connect to the dashboard, get the password for the default elastic user:
$ kubectl get secret elasticsearch-es-elastic-user
-n logging -o=jsonpath='{.data.elastic}' | base64 --decode; echo
- Create a port-forwarding service to access the Kibana dashboard from your workstation:
$ kubectl port-forward service/mykibana-kb-http 5601
- Open the Kibana dashboard at https://localhost:5601 in your browser. Enter elastic as the username and the password from the output of Step 2:
- On the home page, click on the Connect to your Elasticsarch index button, as shown in the following screenshot:
- Kibana will search for Elasticsearch index patterns. Define the index pattern that matches your results. In our example, we used kubernetes_cluster-*. Click on Next step to continue:
- Specify Time Filter field name as @timestamp and click on the Create index pattern button, as shown in the following screenshot:
- Click on the Discover menu. It is the first icon from the top:
- On the Discover page, use the search field to look for keywords and filters:
- If the keyword you are looking for can't be found in the current time frame, you need to change the date range by clicking on the calendar icon next to the search field and clicking on the Apply button after the new range has been selected:
With that, you've learned how to configure an EFK stack on your Kubernetes cluster in order to manage and visualize cluster-wide logs.