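Using Kibana in the Elastic Stack
Author: Yin Zhengjie (尹正杰)
Copyright notice: original work, reproduction not permitted! Violators will be held legally liable.
Data flow in this post: FileBeat ==> Redis ==> Logstash ==> Elasticsearch ==> Kibana.
I. Download Kibana
1>. Go to the Kibana download page
2>. Select past releases of Kibana (https://www.elastic.co/downloads/kibana)
3>. Choose the Kibana release version
4>. Download Kibana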
[root@node105 ~]#
[root@node105 ~]# ll
total
-rw-r--r--. root root Sep : filebeat-5.6.-x86_64.rpm
-rw-r--r--. root root Mar : GeoLite2-City.tar.gz
-rw-r--r--. root root Sep : logstash-5.6..rpm
[root@node105 ~]#
[root@node105 ~]# wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-linux-x86_64.tar.gz
---- ::-- https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-linux-x86_64.tar.gz
Resolving artifacts.elastic.co (artifacts.elastic.co)... 151.101.230.222, 2a04:4e42:1a::
Connecting to artifacts.elastic.co (artifacts.elastic.co)|151.101.230.222|:... connected.
HTTP request sent, awaiting response... OK
Length: (50M) [application/x-gzip]
Saving to: ‘kibana-5.6.-linux-x86_64.tar.gz’ %[================================================================================================================================================================================>] ,, 152KB/s in 9m 45s -- :: (87.5 KB/s) - ‘kibana-5.6.-linux-x86_64.tar.gz’ saved [/] [root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# ll
total
-rw-r--r--. root root Sep : filebeat-5.6.-x86_64.rpm
-rw-r--r--. root root Mar : GeoLite2-City.tar.gz
-rw-r--r--. root root Sep : kibana-5.6.-linux-x86_64.tar.gz
-rw-r--r--. root root Sep : logstash-5.6..rpm
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# ll
total
-rw-r--r--. root root Sep : filebeat-5.6.-x86_64.rpm
-rw-r--r--. root root Mar : GeoLite2-City.tar.gz
-rw-r--r--. root root Sep : kibana-5.6.-linux-x86_64.tar.gz
-rw-r--r--. root root Sep : logstash-5.6..rpm
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-x86_64.rpm
---- ::-- https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-x86_64.rpm
Resolving artifacts.elastic.co (artifacts.elastic.co)... 151.101.230.222, 2a04:4e42:1a::
Connecting to artifacts.elastic.co (artifacts.elastic.co)|151.101.230.222|:... connected.
HTTP request sent, awaiting response... OK
Length: (51M) [application/octet-stream]
Saving to: ‘kibana-5.6.-x86_64.rpm’ %[================================================================================================================================================================================>] ,, .4KB/s in 11m 1s -- :: (79.2 KB/s) - ‘kibana-5.6.-x86_64.rpm’ saved [/] [root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# ll
total
-rw-r--r--. root root Sep : filebeat-5.6.-x86_64.rpm
-rw-r--r--. root root Mar : GeoLite2-City.tar.gz
-rw-r--r--. root root Sep : kibana-5.6.-linux-x86_64.tar.gz
-rw-r--r--. root root Sep : kibana-5.6.-x86_64.rpm
-rw-r--r--. root root Sep : logstash-5.6..rpm
[root@node105 ~]#
II. Install and configure Kibana
1>. Install Kibana
[root@node105 ~]#
[root@node105 ~]# ll
total
-rw-r--r--. root root Sep : filebeat-5.6.-x86_64.rpm
-rw-r--r--. root root Mar : GeoLite2-City.tar.gz
-rw-r--r--. root root Sep : kibana-5.6.-linux-x86_64.tar.gz
-rw-r--r--. root root Sep : kibana-5.6.-x86_64.rpm
-rw-r--r--. root root Sep : logstash-5.6..rpm
[root@node105 ~]#
[root@node105 ~]# rpm -ivh kibana-5.6.12-x86_64.rpm
warning: kibana-5.6.-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing... ################################# [%]
Updating / installing...
:kibana-5.6.- ################################# [%]
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# rpm -ql kibana | wc -l
[root@node105 ~]#
[root@node105 ~]#
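The NOKEY warning in the install output means rpm could not check the package signature, because key d88e42b4 was not in the rpm keyring, so the package was installed without signature verification. The following is an added example, not code from the original post, that gates the install on the result of rpm -K; the function names are hypothetical and the rpm -K line formats it expects (rpm 4.11 and rpm 4.14+) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# checksig_verdict: read one line of `rpm -K <pkg>` output on stdin and print
# verified | missing-key | unsigned | bad. Returns 0 only for "verified".
# Assumed formats: rpm 4.11 prints per-check tokens ("rsa sha1 (md5) pgp md5 OK"),
# rpm 4.14+ prints "digests signatures OK"; failed checks appear in upper case.
checksig_verdict() {
    IFS= read -r line || :
    result=${line#*: }            # drop the "<file>: " prefix
    case "$result" in
        *"MISSING KEYS"*|*NOKEY*) echo missing-key; return 1 ;;
        *"NOT OK"*)               echo bad;         return 1 ;;
        *" OK")                   ;;
        *)                        echo bad;         return 1 ;;
    esac
    # "OK" alone is not enough: an unsigned package passes its digest checks
    # and still ends in OK. Require a signature token that was verified.
    case " $result " in
        *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*|*" signatures "*)
            echo verified; return 0 ;;
    esac
    echo unsigned
    return 1
}

# install_if_signed PKG: install only when the signature verifies.
# Prerequisite (as root): import the vendor key and confirm its ID matches the
# one rpm reported, d88e42b4 on this page:
#   rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
install_if_signed() {
    verdict=$(LC_ALL=C rpm -K "$1" | checksig_verdict) || {
        echo "refusing to install $1: signature is $verdict" >&2
        return 1
    }
    rpm -ivh "$1"
}
```

After the key is imported, install_if_signed kibana-5.6.12-x86_64.rpm replaces the bare rpm -ivh call.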
2>. Edit the Kibana configuration file
[root@node105 ~]#
[root@node105 ~]# cp /etc/kibana/kibana.yml /etc/kibana/kibana.yml-`date +%F`
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# cat /etc/kibana/kibana.yml | egrep -v "^#|^$"
server.port:
server.host: "0.0.0.0"
server.name: "node105.yinzhengjie.org.cn"
elasticsearch.url: "http://node101.yinzhengjie.org.cn:9200"
elasticsearch.preserveHost: true
kibana.index: ".kibana"
[root@node105 ~]#
[root@node105 ~]#
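With server.host set to "0.0.0.0" and elasticsearch.url using http://, this Kibana listens on every interface and talks to Elasticsearch in cleartext, and Kibana 5.6 has no login of its own unless X-Pack security is installed. The following is an added example, not code from the original post, that audits a kibana.yml for those settings; the function names are hypothetical, and server.ssl.enabled is the Kibana setting that turns on TLS for browser connections.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# yml_get KEY FILE: print the value of a flat "key: value" setting, skipping
# comment lines and stripping surrounding spaces and double quotes.
yml_get() {
    awk -v k="$1" '
        /^[[:space:]]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", key)
            gsub(/^[[:space:]"]+|[[:space:]"]+$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$2"
}

# audit_kibana_yml FILE: print one finding per line; return 1 if any were found.
audit_kibana_yml() {
    host=$(yml_get server.host "$1")
    tls=$(yml_get server.ssl.enabled "$1")
    es=$(yml_get elasticsearch.url "$1")
    rc=0
    case "$host" in
        ""|localhost|127.0.0.1|::1) ;;   # unset means localhost in Kibana 5.x
        *)  echo "BIND server.host=$host listens beyond loopback"; rc=1
            [ "$tls" = true ] ||
                { echo "TLS server.ssl.enabled is not true; browser traffic is cleartext"; rc=1; } ;;
    esac
    case "$es" in
        http://*) echo "TLS elasticsearch.url=$es is cleartext to Elasticsearch"; rc=1 ;;
    esac
    return $rc
}
```

Run against the configuration shown above it reports three findings; a file that binds to 127.0.0.1 (for example behind an authenticating reverse proxy) and uses an https:// elasticsearch.url reports none.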
3>. Start the Kibana service
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# systemctl start kibana
[root@node105 ~]#
[root@node105 ~]# systemctl enable kibana
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# systemctl status kibana
● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
Active: active (running) since Tue -- :: CST; 9s ago
Main PID: (node)
CGroup: /system.slice/kibana.service
└─ /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:kibana@5.6.12","info"],"pid":,"state":"green","message":"Status c...ninitialized"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:elasticsearch@5.6.12","info"],"pid":,"state":"yellow","message":"...ninitialized"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:console@5.6.12","info"],"pid":,"state":"green","message":"Status ...ninitialized"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:metrics@5.6.12","info"],"pid":,"state":"green","message":"Status ...ninitialized"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:timelion@5.6.12","info"],"pid":,"state":"green","message":"Status...ninitialized"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["listening","info"],"pid":,"message":"Server running at http://0.0.0.0:5601"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","ui settings","info"],"pid":,"state":"yellow","message":"Status changed f...ninitialized"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:40Z","tags":["status","plugin:elasticsearch@5.6.12","info"],"pid":,"state":"yellow","message":"...lasticsearch"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:41Z","tags":["status","plugin:elasticsearch@5.6.12","info"],"pid":,"state":"green","message":"S... index found"}
Mar :: node105.yinzhengjie.org.cn kibana[]: {"type":"log","@timestamp":"2019-03-12T14:39:41Z","tags":["status","ui settings","info"],"pid":,"state":"green","message":"Status changed fr...in is yellow"}
Hint: Some lines were ellipsized, use -l to show in full.
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]#
[root@node105 ~]# ss -ntl | grep
LISTEN *: *:*
[root@node105 ~]#
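4>. Access Kibana's web port
III. The Kibana web interface
1>. Search for log entries with response code 400 (response: 404)
2>. Search for log entries with response code 400 or 200 (response: 404 OR response: 200)
3>. Search for response codes between 200 and 404 (response: [200 TO 404])
4>. Search by keyword (for example: agent: curl)
IV. Kibana charts: pie chart creation example
1>. Click "Create a visualization"
2>. Click Pie
3>. Click the logstash index
4>. Generate the pie chart
5>. View the saved chart
V. Kibana charts: map creation example
1>. Click New
2>. Select the geographic map chart
3>. Select the index
4>. View the result
5>. Save the map
6>. View the saved chart
VI. Create a dashboard
1>. Create a new dashboard
2>. Click the Add button
3>. Select the charts you want to combine
4>. Save the custom dashboard
5>. View the saved views
6>. View the view's details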