How to use Kibana in Digital Network Architecture (DNA) Center

Introduction

This document describes how to use Kibana in order to search for specific messages or logs among the different DNA Center services.

Contributed by Alexandro Carrasquedo, Cisco TAC Engineer.

Prerequisites

Requirements

• Have a DNA Center cluster running.
• Be familiar with the names and use use of DNA Center services.

Background Information

Kibana is an open source data visualization plugin for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster that are available in DNA Center. You can access it in two ways:

• https://<DNA Center ip>/kibana
• System Settings -> System 360 -> Tools -> Log exporter

Overview of thedefault Kibana web page

Kibana has several default fields, which are highlighted in the following image:

• Time - Time when the message was seen.
• Log - Raw content of the log.
• Kubernetes.labels.serviceName - Service that displays the specific log.
• Level - Urgency of that specific log.

You can use these fields to provide a comprehensive output that can help you diagnose problems within your DNA Center cluster. Following are some sample use cases to help you get started with Kibana.

Note:This document provides examples on specific services. Howeve you can try these searches on services that fit your troubleshooting needs.

Use cases

Get all logs that are part of the onboarding service.

kubernetes.labels.serviceName:onboarding-service

Get all the logs that contain the string "error"

Tip: The most common log entries that indicate problems contain "Error", "Failed" and "Exception", feel free to modify the string to be any other common string that can guide you in your troubleshooting.

log:error

Mix and match your search

You can search for entries that match a combination of strings by using AND (or &&) between the strings.

log:error AND kubernetes.labels.serviceName:onboarding-service

Note: Not all fields are searchable.

If you want to see only searchable fields in the Available Fields pane, select the cog wheel and customize the view. You can also define the type of search that you want to use, for example, string, Boolean, number, and so on.

Get all the logs from a specific date

You can add a time element to your search criteria. Use one of the following options from the Time Range field:

• Quick — From the last X minutes, hours, days, or weeks.
• Relative — From the last X minutes, hours, days, or weeks to a specific date.
• Absolute — From a specific date to another specific date. 

Add fields to your search or view

You can add more fields to the default view in order to get more information about your logs. Go to the Available Fields pane, select Add and select the fields you want to show. After you save your selections, the fields appear in the main view.

Search for errors from two different services at the same time

Include two or more services in your search criteria. Ensure that the services names are entered in parenthesis and separate them with OR.

log:error && (kubernetes.labels.serviceName:onboarding-service OR kubernetes.labels.serviceName:telemetry-agent)

Reference

• Elastic searh common options
• Apache Lucene - Query Parser Syntax