Kibana reporting produces CSV, PNG, and PDF exports from dashboards, visualizations, and saved searches for sharing, auditing, and offline review. Report files provide a consistent snapshot of the UI state without manual screenshots or copy/paste work.
Reporting runs as background jobs on the Kibana server, coordinating work through documents stored in Elasticsearch. PDF and PNG exports are rendered by a headless Chromium process launched by Kibana, while CSV exports are generated from query results within the reporting pipeline.
Enabling reporting is mostly configuration-driven, but stable encryption keys are critical for reliable operation across restarts and load-balanced Kibana instances. Feature availability also depends on the Elastic subscription level and server compatibility for the embedded Chromium runtime, including OS dependencies and sandbox behavior.
Steps to enable Kibana reporting:
- Generate persistent encryption keys with the kibana-encryption-keys utility.
$ sudo /usr/share/kibana/bin/kibana-encryption-keys generate --quiet xpack.encryptedSavedObjects.encryptionKey: "caeb7879368e3dd66d7302f6810daec1" xpack.reporting.encryptionKey: "c1c89f500966ac710f7fa5eaf2939976" xpack.security.encryptionKey: "e1458d710ffb321e4a4f4eb792c78b2b"
Use --quiet for paste-ready YAML lines.
- Add the reporting settings plus the generated encryption keys to /etc/kibana/kibana.yml.
xpack.reporting.enabled: true xpack.encryptedSavedObjects.encryptionKey: "caeb7879368e3dd66d7302f6810daec1" xpack.reporting.encryptionKey: "c1c89f500966ac710f7fa5eaf2939976" xpack.security.encryptionKey: "e1458d710ffb321e4a4f4eb792c78b2b"
Changing any encryptionKey value invalidates existing Kibana sessions and can break decryption of queued report jobs.
Keep the same encryptionKey values on every Kibana instance behind a load balancer.
- Restart the Kibana service to apply reporting settings.
$ sudo systemctl restart kibana
- Confirm the reporting settings are present in the active configuration file.
$ sudo rg -n "^xpack\.(reporting\.enabled|reporting\.encryptionKey|encryptedSavedObjects\.encryptionKey|security\.encryptionKey):" /etc/kibana/kibana.yml 60:xpack.reporting.enabled: true 61:xpack.encryptedSavedObjects.encryptionKey: "caeb7879368e3dd66d7302f6810daec1" 62:xpack.reporting.encryptionKey: "c1c89f500966ac710f7fa5eaf2939976" 63:xpack.security.encryptionKey: "e1458d710ffb321e4a4f4eb792c78b2b"
- Check the Kibana log for missing encryption-key warnings.
$ sudo journalctl -u kibana -n 200 --no-pager | rg -n "Generating a random key|encryption key is not set"
No output indicates key-related warnings are not present in the last 200 log lines.
- Open a dashboard in Kibana.
- Generate a PDF report from the Share menu.
If PDF or PNG options are missing, confirm the deployment subscription and the user’s reporting privileges for the current space.
- Download the completed report from Stack Management → Reporting.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
