Overview
ELK log system usage in detail (i): how to use
ELK log system usage in detail (ii): Logstash installation and use
ELK log system usage in detail (iii): Elasticsearch installation
ELK log system usage in detail (iv): Kibana installation and use
ELK log system usage in detail (v): supplement
This is the last article in this short series. We'll see how to install Kibana and run quick queries against the log information in ELK.
Kibana Installation
1. Download Kibana from the official website;
2. Decompress it;
3. Modify the configuration file kibana-5.3.0-darwin-x86_64/config/kibana.yml
Enable (uncomment) this line:
elasticsearch.url: "http://localhost:9200"
This is the HTTP address Kibana uses to connect to ES; the default port for Kibana's own server is 5601.
4. Run ./kibana in the console; when it starts successfully you will see the following information:
View Log Contents
On your first visit, you need to add an index pattern to tell Kibana which indexes in ES to search.
Leave the index name or pattern unchanged, because the indexes Logstash creates in ES are named in the logstash-* format by default.
For Time-field name select @timestamp, then click Create. Kibana then shows all the field information for the corresponding index in ES:
Using the Time Filter
To retrieve data, go to the Discover tab. First get familiar with the time filter in the upper-right corner of the page: click it to expand the selection area, which is used to select data within a time range.
There are three ways to set it:
1. Quick: quickly select a period from n days, n months or n years ago up to the current time;
2. Relative to the present time: lets you set the n value of the first method more precisely;
3. Time range: explicitly specify the start and end times.
Once you select a time period, you can see the search results, with the first 500 listed, as well as the field list on the left and the top 5 values of each field.
Adding a quick display field
In the field list on the left, hover the mouse over a field and an Add button appears to the right of it; click it to add a quick display field.
Where do quick display fields appear? In the log information list on the right side of the page. A log entry contains many fields, and by default only the time and _source fields are shown. If you want the path field shown directly in the list, this is the feature to use.
Filtering for a value (contains match)
Sometimes the log contains many access log entries and I only want to see the access log for one particular interface.
You still work in the field list on the left. First click a field, for example the log file field (path); you will see the top 5 interfaces listed, with a zoom-in magnifier and a zoom-out magnifier next to each one. The zoom-in magnifier adds a filter for entries that match: after clicking it, only logs with that field value are displayed.
Filtering out a value (does-not-contain match)
The zoom-out magnifier in the field list sets a does-not-contain filter for a value. For example, we can only see the top 5, but if I don't care about the first few, I can exclude them so that more logs can appear in the top 5; that is when you need this function.
Note: many people who work with ES or MongoDB will remember the wave of bitcoin ransom attacks some time ago: many ES and MongoDB instances had no password set, and the data in them was deleted. Unfortunately, one of our own ES instances on the external network was also wiped. So if your ELK can be reached from the public network, it is best to give ES a username and password to keep the data more secure.
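One way to verify the point in the note above against an Elasticsearch node you operate, as an added example that is not from the original post: the Python check below sends one unauthenticated GET / and reports whether the node returns its banner or demands credentials. The names check_es_auth and start_stub are assumptions made for this illustration, and the stub server with its banner values is a constructed stand-in, not real Elasticsearch.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Direct connections only, so a proxy cannot mask the node's own answer.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_es_auth(base_url, timeout=3):
    """Classify the reply of an ES node you operate to an unauthenticated GET /."""
    try:
        with OPENER.open(base_url.rstrip("/") + "/", timeout=timeout) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:  # must precede URLError (subclass)
        return "auth-required" if err.code in (401, 403) else "other"
    except (urllib.error.URLError, OSError):
        return "unreachable"
    try:
        banner = json.loads(raw.decode("utf-8", "replace"))
    except ValueError:
        return "other"
    # An unsecured node hands its banner (cluster_name, version) to anyone.
    return "open" if isinstance(banner, dict) and "cluster_name" in banner else "other"

def start_stub(secured):
    """Constructed stand-in for an ES node on 127.0.0.1 (not real Elasticsearch)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            body = b"" if secured else json.dumps(
                {"cluster_name": "demo", "version": {"number": "5.3.0"}}).encode()
            self.send_response(401 if secured else 200)
            if secured:
                self.send_header("WWW-Authenticate", 'Basic realm="security"')
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # silence per-request logging
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]

if __name__ == "__main__":
    for secured in (False, True):
        server, url = start_stub(secured)
        print(url, "->", check_es_auth(url))
```

Run it from a host outside your network against the ES address from kibana.yml: a result of "open" means anyone who can reach port 9200 can read and delete the indexes.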