
ElasticSearch 5 Learning: Introduction to and Use of Kibana + X-Pack (Complete)

Kibana is a web interface for data analysis on top of ElasticSearch. It can be used to efficiently search, visualize and analyze logs. The latest Kibana version is currently 5.0.2; first, a look back at the Kibana 3 and Kibana 4 interfaces.

The figure below shows the Kibana 3 interface, where all dashboards are placed directly on the home page.

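The figure below shows the Kibana 4 interface. The biggest difference from Kibana 3 is that the former main area is split into three parts: Discover, Visualize and Dashboard.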

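Below is the interface of the current latest version, Kibana 5. Compared with Kibana 4, apart from the change in visual style, the main difference is that the Timelion, Management and Dev Tools options were added to the navigation bar.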

Discover

You can interactively explore your data from the Discover page. You have access to every document in every index that matches the selected index pattern. You can submit search queries, filter the search results, and view document data. You can also see the number of documents that match the search query and get field value statistics. If a time field is configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the top of the page.

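From the Discover page you can interactively explore the data in ES. You can access every document in every index that matches the selected index pattern. You can submit search queries, filter the search results and view document data. You can also see the number of documents matching the search query and get field value statistics. If a time field is configured for the selected index pattern, the distribution of documents over time is shown in a histogram at the top of the page.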

Visualize

Visualize enables you to create visualizations of the data in your Elasticsearch indices. You can then build dashboards that display related visualizations. Kibana visualizations are based on Elasticsearch queries. By using a series of Elasticsearch aggregations to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about. You can create visualizations from a search saved from Discover or start with a new search query.

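Visualize lets you create visualizations of the data in your Elasticsearch indices. You can then build dashboards that display related visualizations. Kibana visualizations are based on Elasticsearch queries. By extracting and processing your data with a series of Elasticsearch aggregations, you can create charts that show the trends, spikes and dips you need to know about. You can create a visualization from a search saved in Discover or start from a new search query.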

Dashboard

A Kibana dashboard displays a collection of saved visualizations. You can arrange and resize the visualizations as needed and save dashboards so they can be reloaded and shared.

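A dashboard displays a set of saved Kibana visualizations. You can arrange and resize the visualizations as needed, and save dashboards so that they can be reloaded and shared.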

Monitoring

As the figure shows, Kibana does not have this option by default. Monitoring is in fact provided by the X-Pack integration.

The X-Pack monitoring components enable you to easily monitor Elasticsearch through Kibana. You can view cluster health and performance in real time as well as analyze past cluster, index, and node metrics. In addition, you can monitor the performance of Kibana itself. When you install X-Pack on your cluster, a monitoring agent runs on each node to collect and index metrics from Elasticsearch. With X-Pack installed in Kibana, you can then view the monitoring data through a set of specialized dashboards.

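The X-Pack monitoring components let you easily monitor ElasticSearch through Kibana. You can view cluster health and performance in real time, and analyze past cluster, index and node metrics. You can also monitor the performance of Kibana itself. When you install X-Pack on the cluster, a monitoring agent runs on each node to collect and index metrics from Elasticsearch. With X-Pack installed in Kibana, you can view the monitoring data through a set of specialized dashboards.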

Graph

The X-Pack graph capabilities enable you to discover how items in an Elasticsearch index are related. You can explore the connections between indexed terms and see which connections are the most meaningful. This can be useful in a variety of applications, from fraud detection to recommendation engines. For example, graph exploration could help you uncover website vulnerabilities that hackers are targeting so you can harden your website. Or, you might provide graph-based personalized recommendations to your e-commerce customers. X-Pack provides a simple, yet powerful graph exploration API, and an interactive graph visualization tool for Kibana. Both work out of the box with existing Elasticsearch indices—you don’t need to store any additional data to use the X-Pack graph features.

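The X-Pack graph capabilities let you discover how the items in an Elasticsearch index are related. You can explore the connections between indexed terms and see which connections are the most meaningful. This is useful in many applications, from fraud detection to recommendation engines. For example, graph exploration can help you find the website vulnerabilities that hackers are targeting, so that you can harden your website. Or you can offer graph-based personalized recommendations to your e-commerce customers. X-Pack provides a simple but powerful graph exploration API and an interactive graph visualization tool for Kibana. Both work out of the box with existing Elasticsearch indices; you do not need to store any additional data to use the X-Pack graph features.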

Timelion

Timelion is a time series data visualizer that enables you to combine totally independent data sources within a single visualization. It’s driven by a simple expression language you use to retrieve time series data, perform calculations to tease out the answers to complex questions, and visualize the results.

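Timelion is a time series data visualizer that can combine completely independent data sources in a single visualization. It is driven by a simple expression language that you use to retrieve time series data, perform calculations to find the answers to complex questions, and visualize the results.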

This feature is built from a set of functions, and the results of the same query can also be viewed through a Dashboard.

Management

The Management application is where you perform your runtime configuration of Kibana, including both the initial setup and ongoing configuration of index patterns, advanced settings that tweak the behaviors of Kibana itself, and the various “objects” that you can save throughout Kibana such as searches, visualizations, and dashboards. This section is pluginable, so in addition to the out of the box capabilities, packs such as X-Pack can add additional management capabilities to Kibana.

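The Management application is where you perform Kibana's runtime configuration, including the initial setup and ongoing configuration of index patterns, advanced settings that adjust Kibana's own behavior, and the various "objects" you can save throughout Kibana, such as Discover searches, visualizations and dashboards.
This section is pluggable; beyond the built-in capabilities, X-Pack can add extra management capabilities to Kibana.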

You can use X-Pack Security to control what Elasticsearch data users can access through Kibana. When you install X-Pack, Kibana users have to log in. They need to have the kibana_user role as well as access to the indices they will be working with in Kibana. If a user loads a Kibana dashboard that accesses data in an index that they are not authorized to view, they get an error that indicates the index does not exist. X-Pack Security does not currently provide a way to control which users can load which dashboards.

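You can use X-Pack Security to control which Elasticsearch data users can access through Kibana. Once X-Pack is installed, Kibana users have to log in. They need the kibana_user role as well as access to the indices they will work with in Kibana. If a user loads a Kibana dashboard that accesses data in an index they are not authorized to view, they get an error indicating that the index does not exist. X-Pack Security does not currently provide a way to control which users can load which dashboards.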
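Because dashboards themselves cannot be restricted, access has to be reasoned about per index. The following is an added example (not from the original post or from Elastic) that audits which users can both log in to Kibana and read a given index, and which dashboards will fail for a user. All role, user and dashboard names except kibana_user are constructed, the data layout is an assumed simplification of X-Pack role and user definitions, and the built-in superuser role and /regex/ index names are not handled.

```python
from fnmatch import fnmatchcase

# Constructed role definitions: index name patterns plus index privileges.
ROLES = {
    "logs_reader": {"indices": [
        {"names": ["logstash-*"], "privileges": ["read", "view_index_metadata"]}]},
    "hr_reader": {"indices": [
        {"names": ["hr-records"], "privileges": ["read"]}]},
    "logs_writer": {"indices": [
        {"names": ["logstash-*"], "privileges": ["index"]}]},
}

# Constructed users and the roles assigned to them.
USERS = {
    "alice": {"roles": ["kibana_user", "logs_reader"]},
    "bob": {"roles": ["kibana_user", "logs_reader", "hr_reader"]},
    "carol": {"roles": ["logs_reader"]},                 # lacks kibana_user
    "dave": {"roles": ["kibana_user", "logs_writer"]},   # can log in, cannot search
}

# Constructed mapping of dashboards to the indices their visualizations query.
DASHBOARDS = {
    "Web traffic": ["logstash-2016.12.01"],
    "HR overview": ["hr-records"],
}

READ_PRIVILEGES = {"read", "all"}  # index privileges that permit searching


def can_read(role_names, index):
    """True if any listed role grants a read-capable privilege on index."""
    for name in role_names:
        for grant in ROLES.get(name, {}).get("indices", []):
            matches = any(fnmatchcase(index, pat) for pat in grant["names"])
            if matches and READ_PRIVILEGES & set(grant["privileges"]):
                return True
    return False


def kibana_readers(index):
    """Users who hold kibana_user and can read index, sorted by name."""
    return sorted(user for user, info in USERS.items()
                  if "kibana_user" in info["roles"]
                  and can_read(info["roles"], index))


def failing_dashboards(user):
    """Dashboards that touch at least one index the user cannot read."""
    roles = USERS[user]["roles"]
    return sorted(name for name, indices in DASHBOARDS.items()
                  if not all(can_read(roles, idx) for idx in indices))
```
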

Dev Tools

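The former interactive console, Sense, let users conveniently interact with Elasticsearch directly from the browser. Starting with Kibana 5 it was renamed and built directly into Kibana as the Dev Tools option.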

Note that on Kibana 5 and later, Sense cannot be installed with the following commands. (A pitfall I ran into.)

./bin/kibana plugin --install elastic/sense

or

./bin/kibana-plugin install elastic/sense

Summary

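The content here is fairly simple: it is mainly an overall summary of Kibana's features, to make the upcoming study of ElasticSearch 5 easier. X-Pack mainly adds authentication and authorization, along with features that previously only became available after installing various plugins such as Marvel and Hand into Kibana.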

Learning links: