Elastic Stack之kibana使用

　　　　　　　　　　　　　　Elastic Stack之kibana使用

　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　做者：尹正傑 

版權聲明：原創做品，謝絕轉載！不然將追究法律責任。

 

　　本篇博客數據流走向：FileBeat ===》Redis  ===》logstash ===> elasticsearch ===>kibana。 

 

一.下載kibanna

1>.進入kibanna下載界面

2>.選擇kibanna過去發佈的版本（https://www.elastic.co/downloads/kibana）

 

3>.選擇kibanna的發行版本

4>.下載kibana

 

[root@node105 ~]# 
[root@node105 ~]# ll
total 139728
-rw-r--r--. 1 root root   9224611 Sep 19 03:10 filebeat-5.6.12-x86_64.rpm
-rw-r--r--. 1 root root  28513410 Mar  4 23:29 GeoLite2-City.tar.gz
-rw-r--r--. 1 root root 105333923 Sep 19 03:12 logstash-5.6.12.rpm
[root@node105 ~]# 
[root@node105 ~]# wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-linux-x86_64.tar.gz
--2019-03-12 22:01:24--  https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-linux-x86_64.tar.gz
Resolving artifacts.elastic.co (artifacts.elastic.co)... 151.101.230.222, 2a04:4e42:1a::734
Connecting to artifacts.elastic.co (artifacts.elastic.co)|151.101.230.222|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 52364941 (50M) [application/x-gzip]
Saving to: ‘kibana-5.6.12-linux-x86_64.tar.gz’

100%[================================================================================================================================================================================>] 52,364,941   152KB/s   in 9m 45s 

2019-03-12 22:11:13 (87.5 KB/s) - ‘kibana-5.6.12-linux-x86_64.tar.gz’ saved [52364941/52364941]

[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# ll
total 190868
-rw-r--r--. 1 root root   9224611 Sep 19 03:10 filebeat-5.6.12-x86_64.rpm
-rw-r--r--. 1 root root  28513410 Mar  4 23:29 GeoLite2-City.tar.gz
-rw-r--r--. 1 root root  52364941 Sep 19 03:12 kibana-5.6.12-linux-x86_64.tar.gz
-rw-r--r--. 1 root root 105333923 Sep 19 03:12 logstash-5.6.12.rpm
[root@node105 ~]# 
[root@node105 ~]# 

[root@node105 ~]# wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-linux-x86_64.tar.gz 

[root@node105 ~]# 
[root@node105 ~]# ll
total 190868
-rw-r--r--. 1 root root   9224611 Sep 19 03:10 filebeat-5.6.12-x86_64.rpm
-rw-r--r--. 1 root root  28513410 Mar  4 23:29 GeoLite2-City.tar.gz
-rw-r--r--. 1 root root  52364941 Sep 19 03:12 kibana-5.6.12-linux-x86_64.tar.gz
-rw-r--r--. 1 root root 105333923 Sep 19 03:12 logstash-5.6.12.rpm
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-x86_64.rpm
--2019-03-12 22:13:23--  https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-x86_64.rpm
Resolving artifacts.elastic.co (artifacts.elastic.co)... 151.101.230.222, 2a04:4e42:1a::734
Connecting to artifacts.elastic.co (artifacts.elastic.co)|151.101.230.222|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 53646640 (51M) [application/octet-stream]
Saving to: ‘kibana-5.6.12-x86_64.rpm’

100%[================================================================================================================================================================================>] 53,646,640  54.4KB/s   in 11m 1s 

2019-03-12 22:24:28 (79.2 KB/s) - ‘kibana-5.6.12-x86_64.rpm’ saved [53646640/53646640]

[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# ll
total 243260
-rw-r--r--. 1 root root   9224611 Sep 19 03:10 filebeat-5.6.12-x86_64.rpm
-rw-r--r--. 1 root root  28513410 Mar  4 23:29 GeoLite2-City.tar.gz
-rw-r--r--. 1 root root  52364941 Sep 19 03:12 kibana-5.6.12-linux-x86_64.tar.gz
-rw-r--r--. 1 root root  53646640 Sep 19 03:12 kibana-5.6.12-x86_64.rpm
-rw-r--r--. 1 root root 105333923 Sep 19 03:12 logstash-5.6.12.rpm
[root@node105 ~]# 

[root@node105 ~]# wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.12-x86_64.rpm

 

二.安裝與配置kibanna

1>.安裝kibanna

[root@node105 ~]# 
[root@node105 ~]# ll
total 243260
-rw-r--r--. 1 root root   9224611 Sep 19 03:10 filebeat-5.6.12-x86_64.rpm
-rw-r--r--. 1 root root  28513410 Mar  4 23:29 GeoLite2-City.tar.gz
-rw-r--r--. 1 root root  52364941 Sep 19 03:12 kibana-5.6.12-linux-x86_64.tar.gz
-rw-r--r--. 1 root root  53646640 Sep 19 03:12 kibana-5.6.12-x86_64.rpm
-rw-r--r--. 1 root root 105333923 Sep 19 03:12 logstash-5.6.12.rpm
[root@node105 ~]# 
[root@node105 ~]# rpm -ivh kibana-5.6.12-x86_64.rpm 
warning: kibana-5.6.12-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:kibana-5.6.12-1                  ################################# [100%]
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# rpm -ql kibana | wc -l
34600
[root@node105 ~]# 
[root@node105 ~]# 

[root@node105 ~]# rpm -ivh kibana-5.6.12-x86_64.rpm

2>.編輯kibanna的配置文件

[root@node105 ~]# 
[root@node105 ~]# cp /etc/kibana/kibana.yml /etc/kibana/kibana.yml-`date +%F`
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# cat /etc/kibana/kibana.yml  | egrep -v "^#|^$"
server.port: 5601
server.host: "0.0.0.0"
server.name: "node105.yinzhengjie.org.cn"
elasticsearch.url: "http://node101.yinzhengjie.org.cn:9200"
elasticsearch.preserveHost: true
kibana.index: ".kibana"
[root@node105 ~]# 
[root@node105 ~]# 

[root@node105 ~]# cat /etc/kibana/kibana.yml | egrep -v "^#|^$"

3>.啓動kibanna服務

[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# systemctl start kibana
[root@node105 ~]# 
[root@node105 ~]# systemctl enable kibana
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# systemctl status kibana
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-03-12 22:39:32 CST; 9s ago
 Main PID: 3403 (node)
   CGroup: /system.slice/kibana.service
           └─3403 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml

Mar 12 22:39:35 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:kibana@5.6.12","info"],"pid":3403,"state":"green","message":"Status c...ninitialized"}
Mar 12 22:39:35 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:elasticsearch@5.6.12","info"],"pid":3403,"state":"yellow","message":"...ninitialized"}
Mar 12 22:39:35 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:console@5.6.12","info"],"pid":3403,"state":"green","message":"Status ...ninitialized"}
Mar 12 22:39:35 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:metrics@5.6.12","info"],"pid":3403,"state":"green","message":"Status ...ninitialized"}
Mar 12 22:39:35 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","plugin:timelion@5.6.12","info"],"pid":3403,"state":"green","message":"Status...ninitialized"}
Mar 12 22:39:35 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["listening","info"],"pid":3403,"message":"Server running at http://0.0.0.0:5601"}
Mar 12 22:39:35 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:35Z","tags":["status","ui settings","info"],"pid":3403,"state":"yellow","message":"Status changed f...ninitialized"}
Mar 12 22:39:40 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:40Z","tags":["status","plugin:elasticsearch@5.6.12","info"],"pid":3403,"state":"yellow","message":"...lasticsearch"}
Mar 12 22:39:41 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:41Z","tags":["status","plugin:elasticsearch@5.6.12","info"],"pid":3403,"state":"green","message":"S... index found"}
Mar 12 22:39:41 node105.yinzhengjie.org.cn kibana[3403]: {"type":"log","@timestamp":"2019-03-12T14:39:41Z","tags":["status","ui settings","info"],"pid":3403,"state":"green","message":"Status changed fr...in is yellow"}
Hint: Some lines were ellipsized, use -l to show in full.
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# 
[root@node105 ~]# ss -ntl | grep 5601
LISTEN     0      128          *:5601                     *:*                  
[root@node105 ~]# 

[root@node105 ~]# systemctl start kibana

4>.訪問kibanna的web端口

 

 

三.kibanna的web界面

1>.搜索響應碼是400的日誌信息（response: 404 ）

2>.搜索響應碼是400或者是200的日誌信息（response: 404 OR response: 200）

3>.搜索響應碼在200~404之間的（response: [200 TO 404]）

4>.搜索關鍵字（好比：agent :curl）

 

四.kibana的圖表之餅圖（pie）建立案例

1>.點擊「Create a visualization」

2>.點擊Pie

 

3>.點擊logstash索引

 

4>.生成餅圖

 

5>.查看已經保存的圖

 

 

五.kibana的圖表之地圖建立案例

1>.點擊新建

2>.選擇地理位置的圖

3>.選擇索引

 

4>.查看結果

 

5>.保存地圖

6>.查看已經保存的圖

 

 

六.建立面板

1>.建立新面板

 

2>.點擊添加按鈕

 

3>.選中你要合併的圖

4>.保存自定義面板

5>.查看已經保存的視圖

6>.查看視圖的詳細信息