Kibana 官方示例

Kibana 官方示例

官方網站:

https://www.elastic.co/guide/en/kibana/current/getting-started.html

中文站點:

http://kibana.logstash.es/content/kibana/v4/setup.html

環境:

kibana-4.5

elasticsearch-2.3.2

測試環境爲單機版，elasticsearch集羣環境，請參看 Elasticsearch集羣

一.下載並解壓示例數據

wget  https://www.elastic.co/guide/en/kibana/3.0/snippets/shakespeare.json

wget  https://github.com/bly2k/files/blob/master/accounts.zip?raw=true

wget  https://download.elastic.co/demos/kibana/gettingstarted/logs.jsonl.gz

二.建立mapping

Use the following command to set up a mapping for the Shakespeare data set:

curl -XPUT http://localhost:9200/shakespeare -d ' { "mappings" : { "_default_" : { "properties" : { "speaker" : {"type": "string", "index" : "not_analyzed" }, "play_name" : {"type": "string", "index" : "not_analyzed" }, "line_id" : { "type" : "integer" }, "speech_number" : { "type" : "integer" } } } } } ';

Use the following commands to establish geo_point mapping for the logs:

curl -XPUT http://localhost:9200/logstash-2015.05.18 -d '
{
  "mappings": {
    "log": {
      "properties": {
        "geo": {
          "properties": {
            "coordinates": {
              "type": "geo_point"
            }
          }
        }
      }
    }
  }
}
';

curl -XPUT http://localhost:9200/logstash-2015.05.19 -d '
{
  "mappings": {
    "log": {
      "properties": {
        "geo": {
          "properties": {
            "coordinates": {
              "type": "geo_point"
            }
          }
        }
      }
    }
  }
}
';

curl -XPUT http://localhost:9200/logstash-2015.05.20 -d '
{
  "mappings": {
    "log": {
      "properties": {
        "geo": {
          "properties": {
            "coordinates": {
              "type": "geo_point"
            }
          }
        }
      }
    }
  }
}
';

三.導入示例數據--莎士比亞全集

curl -XPOST 'localhost:9200/bank/account/_bulk?pretty' --data-binary @accounts.json
curl -XPOST 'localhost:9200/shakespeare/_bulk?pretty' --data-binary @shakespeare.json
curl -XPOST 'localhost:9200/_bulk?pretty' --data-binary @logs.jsonl

root@jlive:~#curl 'localhost:9200/_cat/indices?v'

health status index               pri rep docs.count docs.deleted store.size pri.store.size 

yellow open   shakespeare           5   1     111396            0       18mb           18mb 

yellow open   logstash-2015.05.20   5   1       4750            0     27.5mb         27.5mb 

yellow open   bank                  5   1       1000            0    442.6kb        442.6kb 

yellow open   logstash-2015.05.18   5   1       4631            0     29.2mb         29.2mb 

yellow open   logstash-2015.05.19   5   1       4624            0     30.3mb         30.3mb 

四.kibana Dashboard

https://www.elastic.co/guide/en/kibana/current/tutorial-define-index.html

1.Settings(定義Index Patterns)

http://kibana.logstash.es/content/kibana/v4/settings.html

建立時不要勾選 Index contains time-based events

建立3個indices(shakes*, ba*, logstash*)

2.Discover

account_number:<100 AND balance:>47500

3.Visualize

https://www.elastic.co/guide/en/kibana/current/tutorial-visualizing.html

i.Pie Chart

Pie Chart --> From a new search --> ba* --> Split Slices --> Range --> balance --> Add Range

Add sub-buckets --> Split Slices --> Terms --> age --> Apply changes --> Save Visualization(Pie-Example)

ii.Vertical bar chart

New Visualization --> Vertical bar chart --> From a new search --> shakes*

Y-axis --> Unique Count --> speaker

X-Axis --> Terms --> play_name --> Order --> Ascending --> Size(5)

Y-axis --> Add metrics --> Max --> speech_number 

Options --> Bar Mode --> grouped --> Apply changes --> Save Visualization(Bar-Example)

iii.Tile map

Dashboard --> Absolute(May 18, 2015  to May 20, 2015) --> Go

Tile map --> From a new search --> logstash* --> Geo Coordinates --> Geohash --> geo.coordinates   -->  Apply changes --> Save Visualization(Map-Example)

能夠拖拽，放大縮小，改變地圖樣式，自定義過濾條件

iv.Markdown widget

# This is a tutorial dashboard!
The Markdown widget uses **markdown** syntax.
> Blockquotes in Markdown use the > character.

 

Click the green Apply changes button  to display the rendered Markdown in the preview pane:

保存爲Markdown Example

4.整合Visualize到Dashboard

Dashboard  -->  Add Visualization  -->  Markdown Example ,  Pie Example ,  Bar Example , and  Map Example --> Save Dashboard( Tutorial Dashboard)