Reporting production considerations
To generate reports, Kibana uses the Chromium web browser, which runs on the server in headless mode. Chromium is an open-source project not related to Elastic, and is embedded into Kibana. Chromium may require additional OS dependencies to run properly.
Chromium is not embedded into Kibana for the Darwin (Mac OS) architecture. When running on Darwin, Reporting will download Chromium into the proper area of the Kibana installation path the first time the server starts. To separately download and install the browser, see Manually install the Chromium browser for Darwin.
Chromium sandbox
For an additional layer of security, use the sandbox. The Chromium sandbox uses operating system-provided mechanisms to ensure that code execution cannot make persistent changes to the computer or access confidential information. The specific sandboxing techniques differ for each operating system.
Linux sandbox
The Linux sandbox depends on user namespaces, which were introduced with the 3.8 Linux kernel. However, many distributions don’t have user namespaces enabled by default, or they require the CAP_SYS_ADMIN capability. The reporting features automatically disable the sandbox when it is running on Debian because additional steps are required to enable unprivileged user namespaces. In these situations, you’ll see the following message in your Kibana startup logs:
Chromium sandbox provides an additional layer of protection, but is not supported for your OS.
Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'.
Reporting automatically enables the Chromium sandbox at startup when a supported OS is detected. However, if your kernel is 3.8 or newer, it’s recommended to set xpack.reporting.capture.browser.chromium.disableSandbox: false in your kibana.yml to explicitly enable the sandbox, which relies on user namespaces.
Docker
When running Kibana in a Docker container, all container processes are run within a user namespace with seccomp-bpf and AppArmor profiles that prevent the Chromium sandbox from being used. In these situations, disabling the sandbox is recommended, as the container implements similar security mechanisms.
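The following script is an added example, not part of Kibana or its documentation. It checks the prerequisites described above on a Linux host and prints a suggested kibana.yml line. The function names are hypothetical, and the /proc/sys paths and the /.dockerenv marker file are standard Linux and Docker locations assumed here; they are not named on this page.

```shell
#!/bin/sh
# Added example (not Kibana code): evaluate the Chromium sandbox prerequisites.

# kernel_at_least_3_8 RELEASE
# Succeeds if RELEASE (e.g. "5.10.0-21-amd64") is kernel 3.8 or newer.
kernel_at_least_3_8() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || minor=0
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; }
}

# sandbox_verdict RELEASE USERNS_CLONE MAX_USERNS IN_DOCKER
#   USERNS_CLONE: content of /proc/sys/kernel/unprivileged_userns_clone
#                 (Debian/Ubuntu-specific sysctl), "" if the file is absent
#   MAX_USERNS:   content of /proc/sys/user/max_user_namespaces, "" if absent
#   IN_DOCKER:    "yes" or "no"
# Prints the suggested disableSandbox value followed by a YAML comment.
sandbox_verdict() {
    if [ "$4" = "yes" ]; then
        echo "true  # Docker: container implements similar security mechanisms"
    elif ! kernel_at_least_3_8 "$1"; then
        echo "true  # kernel $1 predates user namespaces (3.8)"
    elif [ "$2" = "0" ]; then
        echo "true  # kernel.unprivileged_userns_clone=0"
    elif [ "$3" = "0" ]; then
        echo "true  # user.max_user_namespaces=0"
    else
        echo "false  # kernel $1 with user namespaces available"
    fi
}

# Print a file's content, or nothing if it is missing or unreadable.
read_or_empty() { if [ -r "$1" ]; then cat "$1"; fi; }

in_docker=no
if [ -e /.dockerenv ]; then in_docker=yes; fi
verdict=$(sandbox_verdict "$(uname -r)" \
    "$(read_or_empty /proc/sys/kernel/unprivileged_userns_clone)" \
    "$(read_or_empty /proc/sys/user/max_user_namespaces)" \
    "$in_docker")
echo "xpack.reporting.capture.browser.chromium.disableSandbox: $verdict"
```

A "true" result caused by one of the sysctl values means the host itself has user namespaces turned off; the sandbox cannot be used until that is changed at the OS level.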