一、Kibana介绍
Kibana是一个开源的分析与可视化平台,设计出来用于和Elasticsearch一起使用的。比HEAD插件要方面直观.你可以用kibana搜索、查看、交互存放在Elasticsearch索引里的数据,使用各种不同的图表、表格、地图等kibana能够很轻易地展示高级数据分析与可视化。
Kibana 的使用场景,应该集中在两方面:
- 实时监控
通过 histogram 面板,配合不同条件的多个 queries 可以对一个事件走很多个维度组合出不同的时间序列走势。时间序列数据是最常见的监控报警了。 - 问题分析
关于 elk 的用途,可以参照其对应的商业产品 splunk 的场景:使用 Splunk 的意义在于使信息收集和处理智能化。而其操作智能化表现在:- 搜索:通过下钻数据排查问题,通过分析根本原因来解决问题;
- 实时可见性:可以将对系统的检测和警报结合在一起,便于跟踪 SLA 和性能问题;
- 历史分析:可以从中找出趋势和历史模式,行为基线和阈值,生成一致性报告。
Kibana让我们理解大量数据变得很容易。它简单、基于浏览器的接口使你能快速创建和分享实时展现Elasticsearch查询变化的动态仪表盘。安装Kibana非常快。
Kibana官网产品介绍:官网Kibana介绍
二、安装Kibana
2.1、下载
在Kibana下载网址下载所需版本的Kibana。
2.2、解压
解压Kibana安装包
tar -zxvf kibana-7.4.2-linux-x86_64.tar.gz
[root@localhost kibana-7.4.2-linux-x86_64]# ll
total 1420
drwxrwxr-x 2 root root 64 Apr 22 09:36 bin
drwxrwxr-x 5 root root 43 Apr 22 09:36 built_assets
drwxrwxr-x 2 root root 24 Apr 22 09:56 config
drwxrwxr-x 2 root root 6 Oct 29 05:25 data
-rw-rw-r-- 1 root root 13675 Oct 29 05:25 LICENSE.txt
drwxrwxr-x 6 root root 108 Apr 22 09:36 node
drwxrwxr-x 1238 root root 36864 Apr 22 09:36 node_modules
-rw-rw-r-- 1 root root 1367537 Oct 29 05:25 NOTICE.txt
drwxrwxr-x 3 root root 55 Apr 22 09:36 optimize
-rw-rw-r-- 1 root root 738 Oct 29 05:25 package.json
drwxrwxr-x 2 root root 6 Oct 29 05:25 plugins
-rw-rw-r-- 1 root root 4048 Oct 29 05:25 README.txt
drwxrwxr-x 11 root root 146 Apr 22 09:36 src
drwxrwxr-x 2 root root 277 Apr 22 09:36 webpackShims
drwxrwxr-x 5 root root 129 Apr 22 09:36 x-pack
2.3、配置
[root@localhost kibana-7.4.2-linux-x86_64]# cd config/
[root@localhost config]# ll
total 8
-rw-r--r-- 1 root root 5146 Apr 22 09:56 kibana.yml
[root@localhost config]#
[root@localhost config]# vim kibana.yml
配置如下三个参数:
如果进行中文设置:
Kibana配置文件参考:官网Kibana配置描述
2.4、开放5601端口
[root@localhost config]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
通过以上命令可知,本机防火墙关闭(Active: inactive (dead))
防火墙配置相关命令:
查看防火墙状态 systemctl status firewalld
开启防火墙 systemctl start firewalld
关闭防火墙 systemctl stop firewalld
开启防火墙 service firewalld start
若遇到无法开启
先用:systemctl unmask firewalld.service
然后:systemctl start firewalld.service
------------------------------------------------------------------------
查询指定端口是否已开 firewall-cmd --query-port=5601/tcp
提示 yes,表示开启;no表示未开启。
--------------------------------------------------
添加指定需要开放的端口:
firewall-cmd --add-port=5601/tcp --permanent
重载入添加的端口:
firewall-cmd --reload
查询指定端口是否开启成功:
firewall-cmd --query-port=5601/tcp
三、kibana启动
前台启动:./bin/kibana
后台启动:nohup ./bin/kibana &
nohup和&的区别:
- & : 指在后台运行
- nohup : 不挂断的运行,注意并没有后台运行的功能,就是指,用nohup运行命令可以使命令永久的执行下去,和用户终端没有关系,例如我们断开SSH连接都不会影响他的运行,注意了nohup没有后台运行的意思;&才是后台运行
[root@localhost bin]# ./kibana
Kibana should not be run as root. Use --allow-root to continue.
kibana不建议以root用户启动,如果用root启动,需要加–allow-root:
[root@localhost bin]# ./kibana --allow-root
log [02:45:46.676] [info][status][plugin:encrypted_saved_objects@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.687] [info][status][plugin:snapshot_restore@7.4.2] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [02:45:46.695] [info][status][plugin:kibana_react@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.696] [info][status][plugin:region_map@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.753] [info][status][plugin:timelion@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.755] [info][status][plugin:ui_metric@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.757] [info][status][plugin:markdown_vis@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.758] [info][status][plugin:metric_vis@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.759] [info][status][plugin:table_vis@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.761] [info][status][plugin:tagcloud@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.762] [info][status][plugin:vega@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:46.765] [warning][browser-driver][reporting] Enabling the Chromium sandbox provides an additional layer of protection.
log [02:45:47.481] [warning] You're running Kibana 7.4.2 with some different versions of Elasticsearch. Update Kibana or Elasticsearch to the same version to prevent compatibility issues: v7.5.1 @ 127.0.0.1:9200 (127.0.0.1)
log [02:45:47.483] [info][status][plugin:elasticsearch@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.557] [info][license][xpack] Imported license information from Elasticsearch for the [data] cluster: mode: basic | status: active
log [02:45:47.567] [info][status][plugin:xpack_main@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.568] [info][status][plugin:graph@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.569] [info][status][plugin:searchprofiler@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.570] [info][status][plugin:ml@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.571] [info][status][plugin:tilemap@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.571] [info][status][plugin:watcher@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.572] [info][status][plugin:grokdebugger@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.572] [info][status][plugin:logstash@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.572] [info][status][plugin:beats_management@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.573] [info][status][plugin:index_management@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.574] [info][status][plugin:index_lifecycle_management@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.574] [info][status][plugin:rollup@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.575] [info][status][plugin:remote_clusters@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.575] [info][status][plugin:cross_cluster_replication@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.575] [info][status][plugin:file_upload@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.576] [info][status][plugin:snapshot_restore@7.4.2] Status changed from yellow to green - Ready
log [02:45:47.577] [info][kibana-monitoring][monitoring] Starting monitoring stats collection
log [02:45:47.598] [info][status][plugin:maps@7.4.2] Status changed from yellow to green - Ready
log [02:45:48.342] [warning][reporting] Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml
log [02:45:48.351] [info][status][plugin:reporting@7.4.2] Status changed from uninitialized to green - Ready
log [02:45:48.436] [info][listening] Server running at http://10.41.62.165:5601
log [02:45:48.445] [info][server][Kibana][http] http server running at http://10.41.62.165:5601
log [02:45:48.455] [info][status][plugin:spaces@7.4.2] Status changed from yellow to green - Ready
log [02:45:48.464] [warning][maps] Error scheduling telemetry task, received [task:Maps-maps_telemetry]: version conflict, document already exists (current version [3]): [version_conflict_engine_exception] [task:Maps-maps_telemetry]: version conflict, document already exists (current version [3]), with { index_uuid="l9C49SlmQbG0tq37PTFh7g" & shard="0" & index=".kibana_task_manager_1" }
log [02:45:48.465] [warning][telemetry] Error scheduling task, received [task:oss_telemetry-vis_telemetry]: version conflict, document already exists (current version [3]): [version_conflict_engine_exception] [task:oss_telemetry-vis_telemetry]: version conflict, document already exists (current version [3]), with { index_uuid="l9C49SlmQbG0tq37PTFh7g" & shard="0" & index=".kibana_task_manager_1" }
[root@localhost config]# ps -ef |grep node
root 31147 43239 3 10:45 pts/2 00:01:10 ./bin/../node/bin/node ./bin/../src/cli --allow-root
root 33100 31433 0 11:18 pts/1 00:00:00 grep --color=auto node
四、kibana使用
浏览器访问 http://10.41.62.165:5601
如图所示界面 即为成功
- Discover:可视化查询分析器
- Visualize:统计分析图表
- Dashboard:自定义主面板(添加图表)
- Timelion:Timelion是一个kibana时间序列展示组件(暂时不用)
- Dev Tools:Console控制台(同CURL/POSTER,操作ES代码工具,代码提示,很方便)
- Management:管理索引库(index)、已保存的搜索和可视化结果(save objects)、设置 kibana 服务器属性。
4.1、Dev Tools
Dev Tools 页面包含开发工具,您可以使用这些Dev Tools与Kibana中的数据进行交互。
原先的交互式控制台Sense,使用户方便的通过浏览器直接与Elasticsearch进行交互。从Kibana 5开始改名并直接内建在Kibana,就是Dev Tools选项。
Kibana提供了Console UI来通过REST API与Elasticsearch交互,Console位于Kibana的Dev Tools栏下。Console有两个主要区域,左边是编辑区用来书写REST请求,右边用来显示请求返回结果。
4.1.1、Dev Tools特点与配置
自动提示功能
Console提供了自动提示功能,可以为你提供API、方法等提示。编写完请求后点击绿色执行按钮,会在右侧面板给出请求结果。执行按钮旁边的“小扳手”按钮,可以将请求copy转化为curl(copy),还有一个功能就是自动缩紧格式(Auto Indent)。如果对已经锁进好的代码进行Auto Indent,Console会将请求体(body)缩进在一行中。
多请求查询
Console支持多请求查询,只需要你将左侧选中执行即可。
History
点击Console的顶部有History,会显示最近500条请求成功的历史纪录。左侧显示历史纪录,点击其中一条后会在右侧显示。
基础配置
Console提供了一些基础配置,比如字体大小等。