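Author: 郭海亮

View sample data

Log in to Kibana

In a browser, open: http://localhost:5601
The address format is http://<Kibana address>:<Kibana port>; both values are defined in the kibana.yml configuration file.

Import sample data

View sample data

Select the sample data index at the top left and the time range to query at the top right to see the data.
All fields are shown by default; you can also pick the fields to display in the left sidebar.
The data can also be displayed as a table or as JSON.
Hover over a field and up and down arrows appear, which can be used to sort by that field.

View sample data charts

These are built-in charts that help us get to know Kibana quickly.

Dev Tools

Dev Tools is the most commonly used feature in Kibana. To open it, click Management - Dev Tools in the navigation bar.
Click Console - Settings to see settings such as font size and line wrapping.
Click Grok Debugger to debug regular expressions; it is used together with Logstash to parse logs.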
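
A Grok pattern can also be exercised from the Console through the ingest simulate API, which runs it on Elasticsearch's own grok engine. The request below is an added example, not part of the original article: it uses the pattern and log line of example 1 in the Grok Debugger section further down, plus one constructed line that does not match. The field name message is an assumption, and the tag value is the one Logstash applies by default when a grok filter fails.

```console
# Added example: test a Grok pattern without indexing anything.
# The pattern and the first document come from example 1 of the Grok
# Debugger section; the second document is constructed and does not match.
# on_failure tags an unparsed line instead of failing the document, so
# parse failures stay visible and can be counted.
POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "parse Elasticsearch server log lines",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [
            "(?<date>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2},\\d{3})\\] \\[(?<loglevel>[A-Z \\s]{4,5})] \\[(?<service>[A-Za-z0-9/.]{4,40})\\] \\[(?<node>[A-Za-z0-9/-]{4,40})\\] (?<msg>.*)"
          ],
          "on_failure": [
            {
              "append": {
                "field": "tags",
                "value": "_grokparsefailure"
              }
            }
          ]
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "message": "[2020-04-03T16:51:35,918] [DEBUG] [o.e.a.a.c.n.i.TransportNodesInfoAction] [data02-131-211] failed to execute on node [08GhVGGgRCqUE3qAdXf04g] org.elasticsearch.transport.NodeNotConnectedException: [master01-34.5][172.16.34.5:9300] Node not connected"
      }
    },
    {
      "_source": {
        "message": "2020-04-03 16:51:36 plain line without the bracketed prefix"
      }
    }
  ]
}
```

The regular-expression backslashes are doubled because the pattern is carried inside a JSON string.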

Basic queries

For more detailed query syntax, see: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html

List the options the cluster supports

GET _cat

Response:

=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates
/_cat/ml/anomaly_detectors
/_cat/ml/anomaly_detectors/{job_id}
/_cat/ml/trained_models
/_cat/ml/trained_models/{model_id}
/_cat/ml/datafeeds
/_cat/ml/datafeeds/{datafeed_id}
/_cat/ml/data_frame/analytics
/_cat/ml/data_frame/analytics/{id}
/_cat/transforms
/_cat/transforms/{transform_id}

View node information
GET _cat/nodes?v
Response:

ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role  master name
10.0.0.38           51          99  14    0.12    0.14     0.21 cdhilmrstw -      1619503017001957332
10.0.0.32           47          99   9    0.70    0.28     0.26 cdhilmrstw -      1619503017001957532
10.0.0.41           54          99  14    2.53    1.02     0.66 cdhilmrstw *      1619503017001957432

View master node information
GET _cat/master?v
Response:

id                     host      ip        node
V_EuhAkbTS6T80mN3KX0XQ 10.0.0.41 10.0.0.41 1619503017001957432

View hot threads on all nodes
GET _nodes/hot_threads
Response:

::: {1619503017001957332}{26XvIqLSRlC2hEJ7-kAPUw}{9ytH1jFvTxWT8XHKILnWGg}{10.0.0.38}{10.0.0.38:9300}{cdhilmrstw}{ml.machine_memory=1959018496, rack=cvm_33_330001, xpack.installed=true, set=330001, transform.node=true, ip=9.27.21.20, temperature=hot, ml.max_open_jobs=20, region=33}
   Hot threads at 2021-05-05T12:44:05.242Z, interval=500ms, busiestThreads=3, ignoreIdleThreads=true:

::: {1619503017001957532}{Chd-cONFTwOTtZ5H-SdnpQ}{UgtOpFLURSa-Otaq5ECJnQ}{10.0.0.32}{10.0.0.32:9300}{cdhilmrstw}{ml.machine_memory=1959018496, rack=cvm_33_330001, xpack.installed=true, set=330001, transform.node=true, ip=9.27.19.91, temperature=hot, ml.max_open_jobs=20, region=33}
   Hot threads at 2021-05-05T12:44:05.266Z, interval=500ms, busiestThreads=3, ignoreIdleThreads=true:

::: {1619503017001957432}{V_EuhAkbTS6T80mN3KX0XQ}{VIcWTj5ERsmG_mY5jZSWtg}{10.0.0.41}{10.0.0.41:9300}{cdhilmrstw}{ml.machine_memory=1959018496, rack=cvm_33_330001, xpack.installed=true, set=330001, transform.node=true, ip=9.27.16.243, temperature=hot, ml.max_open_jobs=20, region=33}
   Hot threads at 2021-05-05T12:44:05.390Z, interval=500ms, busiestThreads=3, ignoreIdleThreads=true:

View unhealthy shards or indices
GET _cluster/allocation/explain?pretty
Response:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "illegal_argument_exception",
        "reason" : "unable to find any unassigned shards to explain [ClusterAllocationExplainRequest[useAnyUnassignedShard=true,includeYesDecisions?=false]"
      }
    ],
    "type" : "illegal_argument_exception",
    "reason" : "unable to find any unassigned shards to explain [ClusterAllocationExplainRequest[useAnyUnassignedShard=true,includeYesDecisions?=false]"
  },
  "status" : 400
}

View thread pool settings
GET _nodes/thread_pool/
Response:

{
  "_nodes" : {
    "total" : 3,
    "successful" : 3,
    "failed" : 0
  },
  "cluster_name" : "es-gcudgkos",
  "nodes" : {
    "Chd-cONFTwOTtZ5H-SdnpQ" : {
      "name" : "1619503017001957532",
      "transport_address" : "10.0.0.32:9300",
      "host" : "10.0.0.32",
      "ip" : "10.0.0.32",
      "version" : "7.10.1",
      "build_flavor" : "default",
      "build_type" : "tar",
      "build_hash" : "27aa98ee709dc860b4bec3994b44ba2e6c8dd73d",
      "roles" : [
        "data",
        "data_cold",
        "data_content",
        "data_hot",
        "data_warm",
        "ingest",
        "master",
        "ml",
        "remote_cluster_client",
        "transform"
      ],
      ......

View full cluster information

GET _cluster/stats?human&pretty

Response:

{
  "_nodes" : {
    "total" : 3,
    "successful" : 3,
    "failed" : 0
  },
  "cluster_name" : "es-gcudgkos",
  "cluster_uuid" : "UhtpZp9lScapLQIbid4gbw",
  "timestamp" : 1620218697400,
  "status" : "green",
  "indices" : {
    "count" : 29,
    "shards" : {
      "total" : 58,
      "primaries" : 29,
      "replication" : 1.0,
      "index" : {
        "shards" : {
          "min" : 2,
          "max" : 2,
          "avg" : 2.0
        },
        "primaries" : {
          "min" : 1,
          "max" : 1,
          "avg" : 1.0
        },
        "replication" : {
          "min" : 1.0,
          "max" : 1.0,
          "avg" : 1.0
        }
      }
    },
    ......

View cluster status
GET _cluster/health?pretty
Response:

{
  "cluster_name" : "es-gcudgkos",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 29,
  "active_shards" : 58,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Get information on all indices

GET _cat/indices?v&pretty

Response:

health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .monitoring-kibana-7-2021.05.05 6q8JfbKET9WHaIm7cr2psg 1 1 18384 0 8.2mb 3.2mb
green open .monitoring-kibana-7-2021.05.04 mZpqpa90R22C3PSvpv_CnA 1 1 34556 0 10.3mb 5.1mb
green open .monitoring-kibana-7-2021.04.30 W2FAgGZ5TASJHYnoT5ofvg 1 1 34558 0 10.5mb 5.2mb
green open .items-default-000001 Se5hFqb7ThiiNbx8MMNQ3g 1 1 0 0 416b 208b
green open .monitoring-kibana-7-2021.05.03 mRH2eYPUTjOTWk0745d0Sw 1 1 34560 0 10.3mb 5.1mb
green open .monitoring-kibana-7-2021.05.02 G2_RTwVGRyii0pK9YPzp6w 1 1 34556 0 10.3mb 5.1mb
green open .monitoring-kibana-7-2021.05.01 GXj_YZZkSaWezvKDMJBTGA 1 1 34560 0 10.4mb 5.2mb
green open .apm-custom-link b3aD6BJ_TNOTEeDj6i6oDQ 1 1 0 0 416b 208b
green open .kibana_task_manager_1 IwHXIHnOSN6PJNN_kpvWLg 1 1 6 3516 3.5mb 578.2kb
green open logs-index_pattern_placeholder XR4BMRsgQzWgTX8-oXez-A 1 1 0 0 416b 208b
green open .monitoring-es-7-2021.04.29 NK-SLq7BSVaDUTmIl8rQcw 1 1 36357 0 46.1mb 20.7mb
green open .monitoring-kibana-7-2021.04.29 k7IXameTQIygrqKo6jz31w 1 1 34560 0 10.5mb 5.2mb
green open .lists-default-000001 6mx7-p1xSVef1uBunLAGgw 1 1 0 0 416b 208b
green open .apm-agent-configuration XxPQmjjfRQu_Qdl2jwZHxg 1 1 0 0 416b 208b
green open .kibana_1 xXlKVyfsSbSFY2ygRaalRw 1 1 140 61 8.9mb 4.4mb
green open .monitoring-es-7-2021.04.30 ULyYh6fTRdOBAUfvyKK2Kw 1 1 38994 0 43.4mb 21.7mb
green open .security-7 2rEeUg0vT8a6cQv18v73LA 1 1 46 0 306.9kb 106kb
green open .monitoring-es-7-2021.05.01 RrtO4Wp7Taad93D4awHNJg 1 1 41977 0 46.7mb 23.3mb
green open wfe 1UlifJS6Rsu4O8fVxaElGg 1 1 1085 1 16.5mb 8.2mb
green open .kibana-event-log-7.10.1-000001 ny0H9LiiQPuI8AH9zcPkfg 1 1 4 0 23.6kb 11.8kb
green open metrics-index_pattern_placeholder GQWH2XCFSq2gbIqGwgL_XA 1 1 0 0 416b 208b
green open kibana_sample_data_logs COoX4096S0az6IzJ6Mo7MA 1 1 14074 0 18.9mb 9.4mb
green open .async-search NsGrHYxWRK-C0iLvZ7THQQ 1 1 0 0 7.2kb 3.6kb
green open .monitoring-es-7-2021.05.03 xnk57_D-SSeqyW6kwpuSgw 1 1 47673 0 53.2mb 26.6mb
green open .monitoring-es-7-2021.05.02 Jii6AjJbTOmbBpT-zbM5RA 1 1 44778 0 50.2mb 25mb
green open .monitoring-es-7-2021.05.05 YtJgJS-tRSq39a18-oLLyQ 1 1 27816 44548 37.4mb 18.9mb
green open .monitoring-es-7-2021.05.04 j3UnA4odSlOLgT3AlAZMAQ 1 1 52027 0 55.8mb 27.8mb

View cluster status

green: everything is fully functional; yellow: the data is available, but some replicas are unassigned; red: some data in the cluster is unavailable.
GET _cat/health?v
Response:

epoch      timestamp cluster     status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1620218868 12:47:48  es-gcudgkos green           3         3     58  29    0    0        0             0                  -                100.0%

Create index test

test: the index name; pretty: return a well-formatted JSON response.
PUT test?pretty
Response:

{
  "acknowledged" : true,
  "shards_acknowledged" : true,
  "index" : "test"
}

View the test index
GET test
Response:

{
  "test" : {
    "aliases" : { },
    "mappings" : {
      "dynamic_templates" : [
        {
          "message_full" : {
            "match" : "message_full",
            "mapping" : {
              "fields" : {
                "keyword" : {
                  "ignore_above" : 2048,
                  "type" : "keyword"
                }
              },
              "type" : "text"
            }
          }
        },
        {
          "message" : {
            "match" : "message",
            "mapping" : {
              "type" : "text"
            }
          }
        },
        {
          "strings" : {
            "match_mapping_type" : "string",
            "mapping" : {
              "type" : "keyword"
            }
          }
        }
      ]
    },
    "settings" : {
      "index" : {
        "routing" : {
          "allocation" : {
            "include" : {
              "_tier_preference" : "data_content"
            }
          }
        },
        "refresh_interval" : "10s",
        "number_of_shards" : "1",
        "translog" : {
          "sync_interval" : "5s",
          "durability" : "async"
        },
        "provided_name" : "test",
        "max_result_window" : "65536",
        "creation_date" : "1620218910183",
        "unassigned" : {
          "node_left" : {
            "delayed_timeout" : "5m"
          }
        },
        "number_of_replicas" : "1",
        "uuid" : "Xshcy1IyRemznHzcv3Focw",
        "version" : {
          "created" : "7100199"
        }
      }
    }
  }
}

Check whether index test exists
HEAD test
Response:

200 - OK

Open index test
POST test/_open
Response:

{
  "acknowledged" : true,
  "shards_acknowledged" : true,
  "indices" : {
    "test" : {
      "closed" : true
    }
  }
}

Close index test
POST test/_close
Response:

{
  "acknowledged" : true,
  "shards_acknowledged" : false,
  "indices" : { }
}

View the status of index test
GET test/_stats
Response:

{
  "_shards" : {
    "total" : 2,
    "successful" : 2,
    "failed" : 0
  },
  "_all" : {
    "primaries" : {
      "docs" : {
        "count" : 0,
        "deleted" : 0
      },
      "store" : {
        "size_in_bytes" : 230,
        "reserved_in_bytes" : 0
      },
      "indexing" : {
        "index_total" : 0,
        "index_time_in_millis" : 0,
        "index_current" : 0,
        "index_failed" : 0,
        "delete_total" : 0,
        "delete_time_in_millis" : 0,
        "delete_current" : 0,
        "noop_update_total" : 0,
        "is_throttled" : false,
        "throttle_time_in_millis" : 0
      },
      ......

Delete index test

Delete by index name:

DELETE test?pretty

Several indices can be deleted in one request (separated by commas).
To delete all indices, use _all or the wildcard *.

View index templates

GET _template                        # list all index templates
GET _template/temp*                  # list index templates whose names start with temp
GET _template/template_1,template_2  # show index templates template_1 and template_2
GET _template/template_name          # show the index template named template_name

Delete an index template
DELETE _template/template_name
Response:

Grok Debugger debugging

For more patterns, see: http://grokdebug.herokuapp.com/patterns

Example 1

input
[2020-04-03T16:51:35,918] [DEBUG] [o.e.a.a.c.n.i.TransportNodesInfoAction] [data02-131-211] failed to execute on node [08GhVGGgRCqUE3qAdXf04g] org.elasticsearch.transport.NodeNotConnectedException: [master01-34.5][172.16.34.5:9300] Node not connected
pattern
(?<date>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3})\] \[(?<loglevel>[A-Z \s]{4,5})] \[(?<service>[A-Za-z0-9/.]{4,40})\] \[(?<node>[A-Za-z0-9/-]{4,40})\] (?<msg>.*)
result
{
  "date": [ "2020-04-03T16:51:35,918" ],
  "loglevel": [ "DEBUG" ],
  "service": [ "o.e.a.a.c.n.i.TransportNodesInfoAction" ],
  "node": [ "data02-131-211" ],
  "msg": [ "failed to execute on node [08GhVGGgRCqUE3qAdXf04g] org.elasticsearch.transport.NodeNotConnectedException: [master01-34.5][172.16.34.5:9300] Node not connected" ]
}

Example 2
input
[2020-04-03 09:04:20,446][INFO][Thread-16][c.h.jobhandler.ELKTestJobHandlervds.6665][ELKTestJobHandler.java : 32][elkTestJobHandler: 普通日志输出测试]
pattern
(?<date>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3})\]\[(?<loglevel>[A-Z]{4,5})\]\[(?<thread>[A-Za-z0-9-/-]{4,40})\]\[(?<class>[A-Za-z0-9/.]{4,40})\]\[(?<msg>.*)
result
{
  "date": [ "2020-04-03 09:04:20,446" ],
  "loglevel": [ "INFO" ],
  "thread": [ "Thread-16" ],
  "class": [ "c.h.jobhandler.ELKTestJobHandlervds.6665" ],
  "msg": [ "ELKTestJobHandler.java : 32][elkTestJobHandler: 普通日志输出测试]" ]
}

Example 3
input
2018/05/01 16:16:01.892 - OK - 759.2ms - 172.29.1.7:35184[485388]- 172.7.1.39:3306[1525162561129639717]: DB :select count(*) from test[];
pattern
(?<date>\d{4}/\d{2}/\d{2}\s(?<datetime>%{TIME}))\s-\s(?<status>\w{2})\s-\s(?<respond_time>\d+)\.\d+\w{2}\s-\s%{IP:client}:(?<client-port>\d+)\[\d+\]- %{IP:server}:(?<server-port>\d+).*:(?<databases> \w+ ):(?<SQL>.*)
result
{
  "date": [ "2018/05/01 16:16:01.892" ],
  "datetime": [ "16:16:01.892" ],
  "TIME": [ "16:16:01.892" ],
  "HOUR": [ "16" ],
  "MINUTE": [ "16" ],
  "SECOND": [ "01.892" ],
  "status": [ "OK" ],
  "respond_time": [ "759" ],
  "client": [ "172.29.1.7" ],
  "IPV6": [ null, null ],
  "IPV4": [ "172.29.1.7", "172.7.1.39" ],
  "client-port": [ "35184" ],
  "server": [ "172.7.1.39" ],
  "server-port": [ "3306" ],
  "databases": [ " DB " ],
  "SQL": [ "select count(*) from test[];" ]
}

Charts

Using Nginx logs as an example, we insert some test data here; in production the logs can be collected into Elasticsearch with Beats and then charted.

Insert Nginx log test data

Run in Kibana Dev Tools:
POST nginx-access-logs/_bulk
{"index":{"_id":"1"}}
{"log_time":"2020-06-30T18:05:03+08:00","client_ip":"115.159.116.79","method":"POST","http_code":"200","size":"66","usersip":"119.85.16.64, 115.159.116.79","request_uri":"http://qdweb.zksf.com/xfjr-zfb/PhoneQry.do","req_time":"0.016","user_ua":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/4G Language/zh_CN"}
{"index":{"_id":"2"}}
{"log_time":"2020-06-30T18:05:04+08:00","client_ip":"123.206.205.161","method":"GET","http_code":"200","size":"11133","usersip":"117.136.84.181, 123.206.205.161","request_uri":"http://qdweb.zksf.com/static/wx/dist/htmls/applyCardMoneySuc/mod.js","req_time":"0.000","user_ua":"Mozilla/5.0 (Linux; Android 8.0.0; SM-G9550 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044704 Mobile Safari/537.36 MMWEBID/1866 MicroMessenger/7.0.4.1420(0x2700043C) Process/tools NetType/4G Language/zh_CN"}
{"index":{"_id":"3"}}
{"log_time":"2020-06-30T18:05:06+08:00","client_ip":"123.206.107.139","method":"POST","http_code":"200","size":"3887","usersip":"117.136.44.137, 123.206.107.139","request_uri":"http://qdweb.zksf.com/xfjr-zfb/custLoanInfoQry.do","req_time":"0.028","user_ua":"Mozilla/5.0 (Linux; Android 8.1.0; PACM00 Build/O11019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044705 Mobile Safari/537.36 MMWEBID/908 MicroMessenger/7.0.4.1420(0x2700043C) Process/tools NetType/4G Language/zh_CN"}
{"index":{"_id":"4"}}
{"log_time":"2020-06-30T18:05:06+08:00","client_ip":"115.159.93.78","method":"POST","http_code":"200","size":"86","usersip":"218.26.54.246, 115.159.93.78","request_uri":"http://qdweb.zksf.com/xfjr-zfb/LoanAntiFraudQry.do","req_time":"0.022","user_ua":"Mozilla/5.0 (Linux; Android 8.1.0; vivo X21A Build/OPM1.171019.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044705 Mobile Safari/537.36 MicroMessenger/6.7.2.1340(0x260702C5) NetType/4G Language/zh_CN"}
{"index":{"_id":"5"}}
{"log_time":"2020-06-30T18:05:31+08:00","client_ip":"123.206.205.161","method":"POST","http_code":"200","size":"110","usersip":"117.84.191.27, 123.206.205.161","request_uri":"http://qdweb.zksf.com/xfjr-zfb/WeixinForOpenId.do","req_time":"0.154","user_ua":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN"}
{"index":{"_id":"6"}}
{"log_time":"2020-06-30T18:05:32+08:00","client_ip":"123.206.205.161","method":"GET","http_code":"400","size":"2119","usersip":"117.84.191.27, 123.206.205.161","request_uri":"http://qdweb.zksf.com/static/wx/dist/htmls/applyCardMoney/applyCardMoney.html","req_time":"0.000","user_ua":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN"}
{"index":{"_id":"7"}}
{"log_time":"2020-06-30T18:05:32+08:00","client_ip":"123.206.205.161","method":"POST","http_code":"302","size":"150","usersip":"117.84.191.27, 123.206.205.161","request_uri":"http://qdweb.zksf.com/xfjr-zfb/LoginStatusQry.do","req_time":"0.014","user_ua":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN"}
{"index":{"_id":"8"}}
{"log_time":"2020-06-30T18:05:32+08:00","client_ip":"111.231.53.89","method":"POST","http_code":"200","size":"174","usersip":"117.136.67.251, 111.231.53.89","request_uri":"http://qdweb.zksf.com/xfjr-zfb/AntiFraudResultQry.do","req_time":"0.027","user_ua":"Mozilla/5.0 (Linux; Android 8.1.0; vivo Y83A Build/O11019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044705 Mobile Safari/537.36 MMWEBID/2371 MicroMessenger/7.0.4.1420(0x2700043C) Process/tools NetType/4G Language/zh_CN"}
{"index":{"_id":"9"}}
{"log_time":"2020-06-30T18:05:32+08:00","client_ip":"123.206.205.161","method":"GET","http_code":"200","size":"1306","usersip":"117.84.191.27, 123.206.205.161","request_uri":"http://qdweb.zksf.com/static/wx/dist/images/emApprove.png","req_time":"0.000","user_ua":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN"}
{"index":{"_id":"10"}}
{"log_time":"2020-06-30T18:05:32+08:00","client_ip":"122.152.197.50","method":"POST","http_code":"200","size":"110","usersip":"60.119.37.213, 122.152.197.50","request_uri":"http://qdweb.zksf.com/xfjr-zfb/CheckNotice.do","req_time":"0.015","user_ua":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN"}
Response:

{
  "took" : 612,
  "errors" : false,
  "items" : [
    {
      "index" : {
        "_index" : "nginx-access-logs",
        "_type" : "_doc",
        "_id" : "1",
        "_version" : 1,
        "result" : "created",
        "_shards" : { "total" : 2, "successful" : 2, "failed" : 0 },
        "_seq_no" : 0,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "nginx-access-logs",
        "_type" : "_doc",
        "_id" : "6",
        "_version" : 1,
        "result" : "created",
        "_shards" : { "total" : 2, "successful" : 2, "failed" : 0 },
        "_seq_no" : 5,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "nginx-access-logs",
        "_type" : "_doc",
        "_id" : "7",
        "_version" : 1,
        "result" : "created",
        "_shards" : { "total" : 2, "successful" : 2, "failed" : 0 },
        "_seq_no" : 6,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    {
      "index" : {
        "_index" : "nginx-access-logs",
        "_type" : "_doc",
        "_id" : "8",
        "_version" : 1,
        "result" : "created",
        "_shards" : { "total" : 2, "successful" : 2, "failed" : 0 },
        "_seq_no" : 7,
        "_primary_term" : 1,
        "status" : 201
      }
    },
    ......
}

Create index
Navigation - Kibana - Management - Stack Management - Index patterns - Create index pattern - nginx-access-logs - Next step - log_time - Create index pattern

View index fields

Chart the Nginx logs

Status codes

Navigation - Kibana - Visualize - Create visualization
Create visualization
Select a visualization type - Pie
Choose a source - nginx-access-logs
Data - Metrics - Slice size - Aggregation - Count - Custom label - Status codes
Buckets - Add
Split slices
Aggregation - Terms - Field - http_code - Update
Save
Status codes - Save

Traffic

Navigation - Kibana - Visualize - Create visualization - Select a visualization type - Area - Choose a source - nginx-access-logs - Data - Y-axis - Aggregation - Count - Custom label - Traffic - Buckets - Add - X-axis - Aggregation - Date Histogram - Field - log_time - Minimum interval - Second - Custom label (Traffic per second) - Update - Save - Network traffic

Client IP

Navigation - Kibana - Visualize - Create visualization - Select a visualization type - Data Table - Choose a source - nginx-access-logs - Data - Metrics - Aggregation - Count - Custom label - Visit count - Buckets - Add - Split rows - Aggregation - Terms - Field - client_ip - Custom label (Client IP) - Update - Save - Top client visits
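
Create a dashboard

Navigation - Kibana - Dashboard
Create dashboard
Add an existing
Click the charts created earlier
Select a time range; since this is fake data, simply choose Last 1 year
Click Save
Enter the name to save under, nginx-access-logs, and click Save
Go back to the dashboard list and click the nginx-access-logs name saved above to open this dashboard.

Kibana Lens visualization

Navigation - Kibana - Visualize - Create visualization
Create visualization
Select a visualization type - Lens
Select the index nginx-access-logs - set the time range to Last 1 year
Drag the http_code field to the middle
A chart is generated automatically from this field
A different chart can be picked from the suggestions below it
A different chart type can also be chosen from the drop-down menu
The chart also changes dynamically with the query; for example, querying for http_code equal to 200 changes the chart accordingly
The position of the legend can be chosen as well
Save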
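
KQL queries

Simple query

Find the data where http_code is 302:
http_code : 302

Comparison operator queries

Find the data where http_code is greater than or equal to 400:
http_code >= 400
(the operator is written >= with no space between the two characters)

Logical operator queries

Find the data where http_code is greater than 200 and method is POST:
http_code > 200 and method : POST
Find the data where http_code is greater than 200 or method is GET:
http_code > 200 or method : GET

Wildcards

Find the data in which a given field has a value; documents where the field exists are returned, otherwise nothing is returned:
size: *
name: *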
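
The KQL filter and the charts built earlier can be cross-checked against Elasticsearch directly from Dev Tools. The request below is an added example, not part of the original article: it expresses the KQL query http_code > 200 or method : GET as Query DSL and asks for the three aggregations behind the Status codes, Traffic and Client IP visualizations. The aggregation names are made up here, and it assumes the nginx-access-logs index loaded above with http_code, method and client_ip mapped as keyword fields (with default dynamic mapping, use the .keyword sub-fields in the terms aggregations).

```console
# Added example: KQL `http_code > 200 or method : GET` as Query DSL,
# plus the aggregations behind the three visualizations.
# http_code was indexed as a string ("200"), so on a keyword field the
# range compares strings; that agrees with numeric order only while
# every status code has three digits.
GET nginx-access-logs/_search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        { "range": { "http_code": { "gt": 200 } } },
        { "match": { "method": "GET" } }
      ],
      "minimum_should_match": 1
    }
  },
  "aggs": {
    "status_codes": {
      "terms": { "field": "http_code" }
    },
    "requests_per_second": {
      "date_histogram": {
        "field": "log_time",
        "fixed_interval": "1s",
        "min_doc_count": 1
      }
    },
    "top_client_ips": {
      "terms": { "field": "client_ip", "size": 10 }
    }
  }
}
```

Removing the query block returns the unfiltered buckets, which are the numbers the pie chart, area chart and data table display for the same time range.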