Elasticsearch with Kibana

Search engine + visualization dashboard — pre-wired in one stack.

Service #search#analytics#logging#elk#kibana

Elasticsearch (the distributed search and analytics engine) plus Kibana (its visualization, dashboard, and admin UI) deployed as one Pier stack with the env wiring already correct. The fastest way to get a working ELK-style log/search/analytics environment without manually plumbing two services together.

Deploy with Pier

1 Open the Pier dashboard and click Add service.
2 Pick Elasticsearch with Kibana from the template list.
3 Choose the version, set a service name, and Pier provisions the container, storage, and ports automatically.
4 Attach a domain if you want HTTPS. Traefik auto-provisions the Let's Encrypt certificate.

What is Elasticsearch with Kibana?

A bundled template that ships Elasticsearch (the distributed search / analytics / log-storage engine) and Kibana (Elasticsearch’s visualization, dashboard, and admin UI) as one Compose stack with the wiring already done.

Elasticsearch indexes documents in JSON, supports full-text search, aggregations, vector search, and time-series queries. Kibana renders the data — Discover for free-text log exploration, Lens for drag-and-drop visualizations, Dashboards for fixed reports, plus apps for Security (SIEM), Observability, ML, and Maps.

Together they’re the “E” + “K” of the ELK stack and the default observability surface for tens of thousands of organizations.

How Pier deploys it

Pier uses the official docker.elastic.co/elasticsearch/elasticsearch and docker.elastic.co/kibana/kibana images in a single Compose stack. Default internal ports: ES on 9200/tcp, Kibana on 5601/tcp. Kibana is exposed externally via Traefik; Elasticsearch can be exposed too if you need direct API access.

Pier auto-generates the elastic user password and the kibana_system service account token; both are wired into env vars so Kibana boots authenticated against ES with zero manual steps. Two persistent volumes — /usr/share/elasticsearch/data for ES indices, /usr/share/kibana/data for Kibana state.

Attach a custom domain in Pier for HTTPS Kibana access; ES is reachable internally via the Docker network from your other Pier services.

When NOT to use this template

For an existing Elasticsearch instance (managed Elastic Cloud, OpenSearch, self-hosted ES elsewhere), use a standalone Kibana template or skip Kibana and connect Grafana with the ES datasource. For log storage at scale on a tight budget, ClickHouse stores logs ~10× cheaper and is faster for aggregations — pair it with Grafana instead.

For tiny log volumes or simple metric dashboards, this stack is overkill — PostgreSQL with tsvector or a small Grafana + Prometheus deployment is lighter. ES + Kibana hits the sweet spot for “I want one stack that does search + logs + dashboards + alerting + SIEM.”

Key features

Pre-wired ES + Kibana

Kibana auto-discovers Elasticsearch via the internal Docker network — no manual ELASTICSEARCH_URL config, no token copy-paste.

Elasticsearch 8+ security on

HTTPS + basic auth enabled by default. Strong elastic-user password auto-generated by Pier. Kibana gets a service-account token wired in.

Kibana dashboards

Visualization layer for ES — Lens (drag-and-drop charts), Discover (log search), Maps, Canvas, Dashboards, Alerting, ML, Observability, Security apps.

ES|QL ad-hoc queries

SQL-like pipe-syntax query language for fast ad-hoc exploration. Lower barrier than ES Query DSL for engineers and analysts.

Two persistent volumes

ES data in one volume, Kibana config in another. Restart, upgrade, and back up each independently.

Single-node deployment

This template runs single-node ES suitable for dev/test/small prod. For production clusters with 3+ master nodes, you orchestrate that manually.

Use cases

Log aggregation (ELK stack)

The classic "E" + "K" of ELK. Add Logstash, Beats, Fluent Bit, or Vector to ship logs in — Kibana dashboards visualize them.

Application search

Backing search engine for an e-commerce site, docs portal, or in-app search. Kibana for ops/admin; your app talks ES directly.

SIEM / security analytics

Elastic Security app inside Kibana — log ingestion, detection rules, anomaly detection. SIEM without paying Splunk prices.

Time-series analytics

Metrics + APM data in Elasticsearch, dashboards in Kibana. Lighter than Prometheus + Grafana for some shapes of data.

Quick RAG vector store with a UI

ES 8+ has dense_vector indexing. Use Kibana's Dev Console + Discover to explore vectors visually during prototyping.

Code examples

First-time Kibana login text

1. Open https://kibana.example.com (Pier domain)
2. Username: elastic
3. Password: (from Pier service page — auto-generated)
4. Skip "Welcome" tour → Stack Management → API Keys → create one for your app

Index a sample doc + visualize bash

# From Dev Tools console in Kibana, paste:
POST sample-orders/_doc
{"customer": "alice", "amount": 42.50, "ts": "2026-05-29T10:30:00Z"}

# Then: Discover → create data view "sample-orders*" → see your doc.

ES|QL ad-hoc query sql

FROM logs-*
| WHERE @timestamp > NOW() - 24 HOURS
| STATS count = COUNT(*) BY service.name
| SORT count DESC
| LIMIT 20

Send logs from Fluent Bit text

[OUTPUT]
  Name             es
  Match            *
  Host             elasticsearch.example.com
  Port             9200
  HTTP_User        elastic
  HTTP_Passwd      <password>
  tls              On
  Index            logs
  Type             _doc

How it compares

vs Elasticsearch only (this catalog)	Plain ES is fine if you already have Kibana hosted elsewhere or use a different UI (Grafana with ES datasource). This bundle is the convenience choice for "give me both, pre-wired."
vs OpenSearch + OpenSearch Dashboards	The AWS-led fork of ES + Kibana (split at ES 7.10's license change). API-compatible. Choose OpenSearch for strict Apache 2.0; ES + Kibana for latest features and Elastic's polish.
vs Grafana with Elasticsearch datasource	Grafana can visualize ES data too. Kibana is purpose-built for ES — Lens, Discover, deep ES admin features. Choose Kibana for primary ES workflow; Grafana when ES is one of many datasources.
vs ClickHouse + Grafana	ClickHouse is much cheaper for log storage at scale and faster for aggregations. ES + Kibana wins on full-text search, deep nested JSON, ad-hoc free-text exploration.

Frequently asked questions

What does "pre-wired" mean exactly?

Pier sets Kibana's elasticsearch.hosts to the internal Elasticsearch service URL, generates the service-account token for Kibana to authenticate, and shares the elastic user password through env vars. You don't manually copy any URLs/tokens.

Memory requirements?

Elasticsearch is JVM and memory-hungry. Minimum 2 GB for the ES container; 4 GB+ for production. Kibana adds ~500 MB. Total realistic minimum — 4 GB VPS.

How do I connect my app?

Use the elastic user password (in Pier service page) or create a dedicated API key via Kibana's Stack Management → API Keys.

Single-node OK for production?

For small-to-mid log volumes (tens of GB/day) — yes. For larger production loads, you want 3+ ES nodes — out of scope for this single-stack template.

Can I disable TLS for internal-only use?

Yes — set xpack.security.enabled=false in Pier env. Only do this for closed networks; ES 8+ has security on by default for good reasons.

How do I update?

Update both ES and Kibana versions together in lockstep (Kibana refuses to start against a different-major ES). Pier offers matched version selectors.

Backups?

Use ES Snapshot Repositories — configure an S3-compatible repo and run snapshot policies on a schedule. Backup is a single API call.

Related services

Deploy on your VPS

Deploy this service →