ELK real-time log platform web User Manual

ELK real-time log platform web User Manual
During this time, the company launched a new product line. By deploying elasticsearch + logstash + kibana, the company can view logs in real time and open access interfaces to open access personnel, this frees O & M from the boring log query work. The biggest highlight of the ELK platform is that you can use keywords to locate the problematic physical server and time segment, which is quite practical in the cluster environment.
Kibana simple practical manual.

1 use ELK kibana... 1

1.1 interface introduction... 1

1.1.1 QUERY. 1

1.1.2 FILERING... 1

1.1.3 all events. 1

1.1.1 Fileds. 1

1.2 query demo... 2

1.2.1 compound query... 2

1.2.1.1 specify the query field... 2

1.2.1.2 add multiple fields... 3

1.2.1.3 modify the Query Class capacity... 3

1.2.1.4 modify the time period... 4

1.2.2 logs before and after... 5

1.2.3 locate the faulty host... 5

2 Other functions... 5

2.1 UI color modification... 5

2.2 display number modification... 5

1 use ELK kibana

ELK elasticsearch + logstash + kibana: describes how to use the kibana web tool.

1.1 interface introduction 1.1.1 QUERY

Enter the content for full-text search

1.1.2 FILERING

Manually specify filter conditions. By default, all logs of the current day are displayed.

1.1.3 ALL EVENTS

Displays logs that meet the conditions. By default, 500 logs are displayed, which can be adjusted manually;

1.1.1 Fileds

Specify all displayed content. The main fields have the following meanings:

@ Timestamp time. Accurate to milliseconds;

Host name. Host Name of the server that generates logs;

_ Type, type. The subsystem name. For example, XXXX-interface

Message. Indicates the specific log category;

Path. Log storage path on the server;

By selecting this option, you can specify the content to be displayed. By default, all content is displayed.

1.2 query demonstration 1.2.1 compound Query

Composite query: You can use multiple query fields to query the log information of a specified service subsystem within a specified period of time. The Fields displayed in "Fields" on the home page can be used as separate Fields or multiple Fields for query, which is equivalent to multiple and matches.

1.2.1.1 specify query Fields

1) Click any record on the home page, as shown below:

2) Click the magnifier next to the field marked by the Red Arrow to filter logs of the "XXXX-interface" subsystem.

1.2.1.2 add multiple fields

Follow the "1.2.1.1" operation to add other fields.

1.2.1.3 modify the Query Class

1) return to the top of the page and click the arrow next to "FILTERING" to display the fields you have selected in the previous step.

2) Click Edit input for the corresponding field

3) enter the keyword you want to query in this field and click "Apply ".

1.2.1.4 modify time period

1) Click the triangle behind "a day ago to few seconds ago" in the upper right corner of the main interface to display the log information for the default time range.

2) Click "Custome" in the drop-down menu to select a custom time period, manually modify the start time and end time of the query (accurate to milliseconds), and click "Apply ".

1.2.2 logs

When you have found a required record through a keyword combination, you need to query the logs associated with the log. First determine the time when the log appears, and then find the relevant records by specifying the "time period + SERVER + subsystem.

1.2.3 locate faulty host

By directly searching keywords and viewing details, you can quickly locate the physical host and time range of the log.

2. Other functions

When the user closes the browser, the corresponding settings are not saved.

2.1 UI color modification

1) Click the gear in the upper right corner of the main interface.

2) Click "Sytle" under "General" and set it to "light" and click "save".

2.2 display number Modification

By default, 100 records are displayed on each page, with a total of 5 pages.

1) Click the gear icon at the end of the row where "All EVENTS" is located

2) Click the "Paging" tab to set entries and pages on each page, and click "Save"