<center>
# ELK Log System Usage Notes #
</center>
**Comparison of K3 and K4**
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/%E5%AF%B9%E6%AF%94.png)
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/%E5%AF%B9%E6%AF%9434.png)
1. Interface: Kibana4 does not yet provide query settings like those in Kibana3, including two commonly used functions, the query alias and the color picker.
2. Log display: Kibana4 supports highlighting.
3. Page design: Kibana3 is a single-page application built around the dashboard. In terms of page logic, Kibana3 is relatively concise and Kibana4 is slightly more complex.
<center>
## 1. System Introduction
</center>
ELK (Logstash + Elasticsearch + Kibana) is an open source real-time log analysis system. At present the system is in use on a small scale. Developers do not need to care about the underlying implementation of the system and only need to focus on using Kibana. Kibana4 splits its functionality into three tabs: search (Discover), visualization (Visualize) and dashboard (Dashboard). Search is what we use most, so these notes currently focus on the search page.
<center>
## 2. Using Kibana4
</center>
Login entry: Dimensional plane and Application Center: ELK
Address: https://op.zhubajie.la/
<center>
## Quick Query of Project Logs
</center>
**Select panel -- select project**
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/%E9%A1%B9%E7%9B%AE.png)
First select the panel, then enter `tags:"project name"` or `host:"project name"` in the search box to view the logs of the corresponding project.
<center>
## Discover Function ##
</center>
The Discover tab is used to explore your data interactively. You can access every document in every index that matches the index pattern you have selected. You can submit a search request, filter the search results, and then view the document data. You can also see the total number of documents matching the search request and get statistics on field values. If the index pattern is configured with a time field, the distribution of documents over time is displayed as a histogram at the top of the page.
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/%E4%B8%BB%E9%9D%A2%E6%9D%BF.png)
**View log data**
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/%E6%97%A5%E5%BF%97%E8%AF%A6%E7%BB%86%E5%86%85%e5%ae%b9.png)
Click the small triangle in the log content to view the log details.
To view the contents of a document on a separate page, click on the link. You can add bookmarks or share this link to access this particular document directly.
**1) Search data**
By submitting a search on the Discover page, you can search the index data that matches the current index pattern.
When you submit a search, the histogram, document table, and field list are automatically updated to reflect the search results. The total number of hits (matching documents) is displayed in the upper-right corner of the histogram.
*Enter the query string in the search box*:
- **Wildcards**: `?` represents a single character and `*` represents any number of characters. For example, `fir?t mess*`.
- **Simple text search**: enter a text string directly. For example, if you are searching web server logs, you can enter `error` to search for the word error in every field.
- **Search for the value of a specific field**: precede the value with the field name. For example, `status:200`.
- **Range search**: for numeric values and times, use `[START_VALUE TO END_VALUE]`. For example, to find 4xx status codes, use `status:[400 TO 499]`.
- **Combining multiple search conditions**: you can use `NOT`, `AND` and `OR` to combine searches. **Note that they must be in UPPERCASE.** For example, to find entries with a 4xx status code whose extension is php or html, use `status:[400 TO 499] AND (extension:php OR extension:html)`. Here `[]` means the endpoint values are included in the range, and `{}` means the endpoint values are not included in the range.
- **Approximate search**: use `~` to indicate that a search word may have one or two letters written wrong, such as `frist~`.
**2) Set the time filter**
The default time filter is set to the last 15 minutes. You can use the time picker at the top of the page to modify the time filter.
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/timer.png)
**3) Log index settings**
- Nginx log index: `[logstash-nginx-*]`
- Service Nginx log index: `[api-nginx-]YYYY.MM.DD`
- Java log index: `[logstash-jetty-]YYYY.MM.DD`
- PHP log index: `[logstash-php-*]`
- MySQL log index: `[logstash-]YYYY.MM.DD`
- Other logs: `[logstash-]YYYY.MM.DD` (Note: this index is the system default index. To search other logs, follow the steps for changing the index.)
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/%E7%B4%A2%E5%BC%95.png)
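The search string, time filter and index settings above combine into one Elasticsearch search request. The following Python is an added example, not part of the original notes or of Kibana's own code: it expands a dated index pattern into the daily indices a time window touches and builds an equivalent `query_string` request body. The function names are hypothetical, the sample time is constructed, and it assumes Logstash's default `@timestamp` field, daily indices named in UTC, and an Elasticsearch version that accepts `bool` with `filter`.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Date tokens used in the index names above, mapped to strftime codes.
TOKENS = (("YYYY", "%Y"), ("MM", "%m"), ("DD", "%d"))

def expand_index_pattern(pattern, start, end):
    """List the concrete indices a pattern covers between start and end.

    '[api-nginx-]YYYY.MM.DD' yields one index per UTC day (assumption:
    daily indices are named in UTC); wildcard patterns such as
    '[logstash-php-*]' are passed through for Elasticsearch to resolve.
    """
    m = re.fullmatch(r"\[([^\]]+)\](.+)", pattern)
    if not m:
        return [pattern.strip("[]")]
    prefix, fmt = m.groups()
    for token, code in TOKENS:
        fmt = fmt.replace(token, code)
    day, names = start.date(), []
    while day <= end.date():
        names.append(prefix + day.strftime(fmt))
        day += timedelta(days=1)
    return names

def build_search(query, start, end, time_field="@timestamp"):
    """Search body: the Lucene query string plus the time filter.

    Assumption: the time field is Logstash's default, @timestamp.
    """
    time_range = {"gte": start.isoformat(), "lte": end.isoformat()}
    return {
        "query": {"bool": {
            "must": [{"query_string": {"query": query, "analyze_wildcard": True}}],
            "filter": [{"range": {time_field: time_range}}],
        }},
        "sort": [{time_field: {"order": "desc"}}],
    }

def plan_search(pattern, query, end, minutes=15):
    """Return (path, body) for the default 'last 15 minutes' window."""
    start = end - timedelta(minutes=minutes)
    indices = ",".join(expand_index_pattern(pattern, start, end))
    return "/" + indices + "/_search", build_search(query, start, end)

if __name__ == "__main__":
    # Constructed time: a window that crosses midnight UTC hits two indices.
    now = datetime(2016, 4, 1, 0, 5, tzinfo=timezone.utc)
    q = "status:[400 TO 499] AND (extension:php OR extension:html)"
    path, body = plan_search("[api-nginx-]YYYY.MM.DD", q, now)
    print("POST", path)
    print(json.dumps(body, indent=2))
```

If one of the listed daily indices does not exist, the request fails unless `ignore_unavailable=true` is added to the search URL.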
**4) Save a search**
You can load a saved search on the Discover page, or use it as the basis for visualizations. Saving a search saves both the search request string and the currently selected index pattern.
<table>
<td>
Save the current search:
1. Click the Save Search button on the Discover toolbar.
2. Enter a name and click Save.
Load an existing search:
1. Click the Load Search button on the Discover toolbar.
2. Select the search you want to load.
If a saved search is associated with an index pattern different from the one currently selected, loading the search also switches the currently selected index pattern.
</td>
</table>
**5) Change the index of your search**
When you submit a search request, the indices matching the currently selected index pattern are searched. The current index pattern is displayed below the search bar. To change the indices being searched, select a different index pattern.
To select a different index pattern:
(1). Click the Settings button on the Discover toolbar.
(2). Select the index pattern you want to use from the list of index patterns.
**6) Auto-refresh the page**
You can also configure a refresh interval so that the Discover page is automatically refreshed with the latest index data. The search request is then resubmitted periodically.
After you set the refresh interval, it appears to the left of the time filter in the menu bar.
To set the refresh interval:
1. Click the time filter in the upper right corner of the menu bar.
2. Click the Refresh Interval tab.
3. Select a refresh interval from the list.
To refresh the data automatically, click the Auto-refresh button and select an automatic refresh interval:
![](https://git.zhubajie.la/caojiaojiao/System/raw/master/image/kibana4/%E6%97%B6%E9%97%B4%E9%97%B4%E9%9A%94.png)
When auto-refresh is turned on, a pause button and the automatic refresh interval appear in the top bar of Kibana. Click the pause button to pause the automatic refresh.
Note: If you have any questions during use, please contact 蒋挺. Thank you for your cooperation.