
Kibana
Your customers and internal teams ask about system health, alert status, and performance metrics around the clock. Your AI agent queries Kibana's Elasticsearch data in real time, delivering instant answers about detection alerts, cluster metrics, and case status without anyone logging into a dashboard.




From detection alerts to Fleet management, your AI agent taps into Kibana's full analytics stack to answer operational questions the moment they arise.
Kibana
See how teams use AI agents to query Kibana data instantly, transforming how they monitor infrastructure, investigate security events, and track system health.
A security analyst messages 'Show me all critical alerts from the last hour.' Your AI Agent queries Kibana's detection alerts endpoint filtered by severity and time range, returns the top findings with rule names and affected hosts, and suggests which cases to investigate first. The analyst begins triage in seconds, not minutes, and your SOC response time drops significantly.
A DevOps engineer asks 'Is the production cluster healthy?' at midnight. Your AI Agent retrieves node-level metrics from Kibana, checks JVM heap utilization, disk watermarks, and indexing throughput across all nodes, then summarizes the status. The engineer gets a clear yes-or-no answer plus any anomalies flagged, all without logging into Elastic Cloud.
A new hire asks 'Where is the sales pipeline dashboard?' Your AI Agent searches Kibana saved objects for dashboards matching their query, finds the relevant one along with its space and last modified date, and returns a direct reference. No more Slack threads asking teammates for links. Onboarding becomes self-serve and your team reclaims lost time.

Kibana
FAQs
The agent can query detection alerts, alerting rules, saved objects like dashboards and visualizations, security cases, Fleet agent policies, data views, cluster node metrics, and index management details. It uses Kibana's REST APIs in real time, so responses always reflect the latest data in your Elasticsearch cluster.
No. You can scope the API key to the specific Kibana spaces and actions your agent should access. For read-only use cases like monitoring and alerting, a key with read permissions is sufficient. If you want the agent to create cases or alerting rules, grant write access to those specific endpoints only.
Yes. Through the Kibana Post Alerting Rules and Post Cases endpoints, the agent can create new alerting rules with schedules, thresholds, and notification actions, and can also open new security cases with descriptions, severity levels, tags, and assignees during a conversation.
Several Kibana endpoints accept an optional space_id parameter. When your agent queries connectors, saved objects, or actions, it can target a specific Kibana space. If no space is specified, the default space is used. You can configure the agent to always scope queries to your production space.
No. Tars queries your Kibana instance in real time and uses the response only to formulate the current conversation reply. Alert details, case data, and cluster metrics are not persisted on Tars servers. All data remains within your Elastic deployment.
Kibana dashboards require logging into the web UI, navigating spaces, and building queries manually. Tars lets anyone on your team ask a plain-language question in Slack or your website chat and get the answer instantly. No Kibana expertise required, and your agents work across WhatsApp, web, and other channels.
Yes. The integration includes Fleet endpoints for listing enrollment API keys, retrieving installed packages from the Elastic Package Manager, checking agent setup status, and listing data streams. Your agent can confirm which integrations are deployed and whether agents are properly enrolled.
If Kibana returns an error or times out, the agent informs the user that it could not reach Kibana and suggests checking cluster health. You can configure fallback messages and escalation paths, such as notifying an on-call engineer when the Kibana connection fails.
Don't limit your AI Agent to basic conversations. Watch how to configure and add powerful tools making your agent smarter and more functional.

Privacy & Security
At Tars, we take privacy and security very seriously. We are compliant with GDPR, ISO, SOC 2, and HIPAA.