Kibana Guide: other versions:
What is Kibana?
What’s new in 7.10
Quick start
Set up
- Install Kibana
- Configure Kibana
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Use Kibana in a production environment
- Upgrade Kibana
  - Standard upgrade
  - Upgrade migrations
- Configure monitoring
- Configure security
Discover
- Create an index pattern
- Set the time filter
- Search data
- View surrounding documents
Dashboard
- Edit dashboards
- Explore dashboard data
- Create custom dashboard actions
  - URL templating
- Share dashboards
- Tutorials
- Aggregation reference
- Vega reference
  - Resources and examples
Canvas
- Edit workpads
- Present your workpad
- Share your workpad
- Tutorial: Create a workpad for monitoring sales
- Canvas expression lifecycle
- Canvas function reference
  - TinyMath functions
Maps
- Create a multilayer map
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
  - Tutorial: Index GeoJSON data
- Troubleshoot
Machine learning
- Anomaly detection
- Data frame analytics
Graph
- Create a graph
- Configure Graph
- Troubleshoot
- Limitations
Observability
APM
- Set up
- Get started
- How-to guides
- Users and privileges
- Settings
- REST API
- Troubleshooting
Elastic Security
- Using Elastic Security
- Anomaly Detection with Machine Learning
Dev Tools
- Console
- Profiling queries and aggregations
- Debugging grok expressions
- Painless Lab
Stack Monitoring
- Beats Metrics
- Cluster Alerts
- Elasticsearch Metrics
- Kibana Alerts
- Kibana Metrics
- Logstash Metrics
- Troubleshooting
Stack Management
- Advanced Settings
- Alerts and Actions
- Beats Central Management
- Ingest Node Pipelines
- Field management
- License Management
- Numeral Formatting
- Rollup Jobs
- Saved Objects
- Security
- Snapshot and Restore
  - Tutorial: Snapshot and Restore
- Spaces
- Upgrade Assistant
- Watcher
Fleet
Reporting
- Automating report generation
- Reporting configuration
- Troubleshooting
- Reporting integration
Alerting and Actions
- Defining alerts
- Action and connector types
- Alert types
- Scale and performance
REST API
- Using the APIs
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- Saved objects APIs
- Import and export dashboard APIs
  - Import dashboard
  - Export dashboard
- Logstash configuration management APIs
- Shorten URL
- Upgrade assistant APIs
Kibana plugins
Accessibility
Breaking Changes
- 7.10
- 7.9
- 7.8
- 7.7
- 7.6
- 7.5
- 7.4
- 7.3
- 7.2
- 7.1
- 7.0
Release Notes
- Kibana 7.10.2
- Kibana 7.10.1
- Kibana 7.10.0
- Kibana 7.9.3
- Kibana 7.9.2
- Kibana 7.9.1
- Kibana 7.9.0
- Kibana 7.8.1
- Kibana 7.8.0
- Kibana 7.7.1
- Kibana 7.7.0
- Kibana 7.6.2
- Kibana 7.6.1
- Kibana 7.6.0
- Kibana 7.5.2
- Kibana 7.5.1
- Kibana 7.5.0
- Kibana 7.4.2
- Kibana 7.4.1
- Kibana 7.4.0
- Kibana 7.3.2
- Kibana 7.3.1
- Kibana 7.3.0
- Kibana 7.2.1
- Kibana 7.2.0
- Kibana 7.1.1
- Kibana 7.1.0
- Kibana 7.0.1
- Kibana 7.0.0
- Kibana 7.0.0-rc2
- Kibana 7.0.0-rc1
- Kibana 7.0.0-beta1
- Kibana 7.0.0-alpha2
- Kibana 7.0.0-alpha1
Developer guide
- Getting started
- Best practices
- Architecture
- Contributing
- External plugin development
- Advanced
- List of Kibana plugins

IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« Restrict requests with a Reporting network policy Reporting troubleshooting »

› › ›

Chromium sandbox

edit

Chromium sandbox

edit

When reporting features uses the Chromium browser for generating PDF reports, it’s recommended to use the sandbox for an additional layer of security. The Chromium sandbox uses operating system provided mechanisms to ensure that code execution cannot make persistent changes to the computer or access confidential information. The specific sandboxing techniques differ for each operating system.

Linux sandbox

edit

The Linux sandbox depends on user namespaces, which were introduced with the 3.8 Linux kernel. However, many distributions don’t have user namespaces enabled by default, or they require the CAP_SYS_ADMIN capability. The reporting features will automatically disable the sandbox when it is running on Debian and CentOS as additional steps are required to enable unprivileged usernamespaces. In these situations, you’ll see the following message in your Kibana startup logs: Chromium sandbox provides an additional layer of protection, but is not supported for your OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'.

Reporting will automatically enable the Chromium sandbox at startup when a supported OS is detected. However, if your kernel is 3.8 or newer, it’s recommended to set xpack.reporting.capture.browser.chromium.disableSandbox: false in your kibana.yml to explicitly enable usernamespaces.

Docker

edit

When running Kibana in a Docker container, all container processes are run within a usernamespace with seccomp-bpf and AppArmor profiles that prevent the Chromium sandbox from being used. In these situations, disabling the sandbox is recommended, as the container implements similar security mechanisms.

« Restrict requests with a Reporting network policy Reporting troubleshooting »

On this page

Linux sandbox
Docker

Was this helpful?

Feedback

The Search AI Company

ELK Stack

Elastic Cloud

Generative AI

Search

Security

Observability

By solution

Industries

Customer spotlight

Research

Build

Learn

Connect

Chromium sandbox

Chromium sandbox

Linux sandbox

Docker

Follow us

About us

Join us

Partners

Trust & Security

Investor relations

Excellence Awards

About us

Join us

Partners

Trust & Security

Investor relations

Excellence Awards