Kibana reporting turns saved Discover sessions, dashboards, visualizations, and Canvas workpads into downloadable CSV, PNG, or PDF files so teams can share a fixed snapshot of what the interface showed at a specific time.

In current self-managed Kibana releases, reporting is already enabled unless you explicitly set xpack.reporting.enabled: false. The real work in enabling reliable reporting is the surrounding configuration: persistent encryption keys, user privileges, a Kibana address that the screenshotting browser can reach for PNG and PDF jobs, and any operating-system packages the bundled Chromium runtime needs.

Reporting jobs run in the Kibana background and store job metadata in Elasticsearch. CSV exports have different limits from PNG and PDF exports, PDF and PNG remain subscription features, and a restart with random encryption keys can invalidate queued reports. On self-managed deployments, keep the Elasticsearch setting stack.templates.enabled at its default true value so Kibana can install the built-in reporting template it uses for report storage.

Related: How to set Kibana encryption keys
Related: How to set the Kibana server host and port
Related: How to check Kibana status

Steps to enable Kibana reporting:

  1. Check whether reporting has been explicitly disabled in the active Kibana configuration. 
    $ sudo rg -n "^xpack\\.reporting\\.enabled:" /etc/kibana/kibana.yml || true
143:xpack.reporting.enabled: false

    If you get no output, reporting keeps the current default of true and does not need an explicit enable line.

    Current Elastic documentation discourages disabling reporting with this setting. Restrict user access with roles and spaces instead of turning the feature off for the whole server.

  2. Generate persistent encryption keys for reporting, sessions, and encrypted saved objects. 
    $ sudo /usr/share/kibana/bin/kibana-encryption-keys generate --quiet --force
xpack.encryptedSavedObjects.encryptionKey: 8e5236642ea6867e3109b98955ac09d998f1d45e8c538de751a17d7beda28c95
xpack.reporting.encryptionKey: c0fbb0cc32b228b9b95537e9ec04480abd5509d78ebf6d0d9bbfe624cb021656
xpack.security.encryptionKey: 3b2bb2da7265332eccc48ddbd6bca6bb9dc61f19d3133deaea2509c27a9f1134

    Use the same values on every Kibana instance connected to the same deployment so sessions and queued reports remain decryptable across restarts and load-balanced nodes.

    Related: How to set Kibana encryption keys

  3. Open the active Kibana configuration and add the reporting settings plus the generated keys. 
    $ sudoedit /etc/kibana/kibana.yml
    xpack.reporting.enabled: true
xpack.encryptedSavedObjects.encryptionKey: 8e5236642ea6867e3109b98955ac09d998f1d45e8c538de751a17d7beda28c95
xpack.reporting.encryptionKey: c0fbb0cc32b228b9b95537e9ec04480abd5509d78ebf6d0d9bbfe624cb021656
xpack.security.encryptionKey: 3b2bb2da7265332eccc48ddbd6bca6bb9dc61f19d3133deaea2509c27a9f1134

    If reporting is already enabled by default, you can omit xpack.reporting.enabled: true and keep only the persistent key settings.

    Changing xpack.security.encryptionKey signs out active users, and changing xpack.reporting.encryptionKey can make pending report jobs fail after the restart.

    Archive and container layouts can load a different kibana.yml path than /etc/kibana/kibana.yml.

  4. Install the headless-browser packages required for PNG and PDF exports on your Linux distribution. 
    $ sudo apt update && sudo apt install -y fonts-liberation libfontconfig1 libnss3

    Ubuntu and Debian need at least fonts-liberation, libfontconfig1, and libnss3 for the bundled Chromium runtime.

    On RHEL family systems, install xorg-x11-fonts-100dpi, xorg-x11-fonts-75dpi, xorg-x11-utils, xorg-x11-fonts-cyrillic, xorg-x11-fonts-Type1, xorg-x11-fonts-misc, vlgothic-fonts, fontconfig, and freetype instead.

    If you only need CSV exports, the screenshotting packages are not required because CSV jobs do not launch the headless browser.

  5. Set server.host so the reporting browser can reach the Kibana server for PNG and PDF jobs. 
    server.host: "0.0.0.0"

    Elastic currently prefers server.host: 0.0.0.0 for self-managed PNG and PDF reporting in production so the local screenshotting browser can connect back to Kibana.

    Binding to every interface can expose Kibana on unintended networks. Keep firewall, reverse-proxy, and routing controls in place before you restart.

    Do not add xpack.reporting.kibanaServer.* settings unless you specifically need the headless browser to use a different hostname. Current Elastic documentation warns that incorrect values can make PDF and PNG reporting fail.

    Related: How to set the Kibana server host and port

  6. Restart the Kibana service to load the reporting configuration. 
    $ sudo systemctl restart kibana

    Related: How to manage the Kibana service with systemctl in Linux

  7. Confirm the reporting keys are present in the configuration that the service is actually using. 
    $ sudo rg -n "^xpack\\.(reporting\\.enabled|reporting\\.encryptionKey|encryptedSavedObjects\\.encryptionKey|security\\.encryptionKey):" /etc/kibana/kibana.yml
200:xpack.reporting.enabled: true
201:xpack.encryptedSavedObjects.encryptionKey: 8e5236642ea6867e3109b98955ac09d998f1d45e8c538de751a17d7beda28c95
202:xpack.reporting.encryptionKey: c0fbb0cc32b228b9b95537e9ec04480abd5509d78ebf6d0d9bbfe624cb021656
203:xpack.security.encryptionKey: 3b2bb2da7265332eccc48ddbd6bca6bb9dc61f19d3133deaea2509c27a9f1134

    If your service reads a different config path, run the same check against that file instead of assuming /etc/kibana/kibana.yml.

  8. Search recent logs for the common reporting and encryption failures that block exports. 
    $ sudo journalctl --unit=kibana --since "10 minutes ago" --no-pager | rg -n "Generating a random key|ephemeral encryption key|Unable to connect|connection refused|headless_shell|sandbox"

    No output for the missing-key patterns means Kibana is not falling back to random reporting keys.

    If PDF or PNG jobs still fail, the same log window usually shows whether the problem is browser dependencies, a connection failure back to Kibana, or a sandbox restriction.

  9. Verify the user and space have the permissions needed to generate reports.

    Current Kibana reporting access is controlled with Kibana application privileges, not by toggling xpack.reporting.enabled for individual users. Give the relevant indices read and view_index_metadata, then grant the reporting user the required Dashboard, Discover, Canvas, or Visualize Library reporting privileges.

    With a Basic license, sub-feature privileges are unavailable, so the relevant applications need All privileges for CSV reporting. PDF and PNG exports remain subscription features.

  10. Generate a test report from a saved object.

    Open a saved Discover session, dashboard, visualization, or Canvas workpad, then use the toolbar Export icon or ShareExport tab to choose the file type. CSV Reports create background jobs for saved Discover sessions, and CSV Download exports Lens table data directly.

  11. Open the Reporting management page and download the finished file.

    Use the Kibana navigation menu or global search to open Reporting, confirm the job reaches a completed state, and download the output.

    If PDF or PNG jobs still fail, click Run reporting diagnostics from the report listing page to check browser dependencies, connectivity, and other common deployment issues.