Log System ELK usage (4): Kibana installation and use
Overview
Log System ELK usage (1)-How to Use
Log System ELK usage (2)-Logstash Installation and Use
Log System ELK usage (3)-elasticsearch Installation
Log System ELK usage (4)-kibana Installation and Use
Log System ELK usage (5)-Supplement
This is the last article in this small series. We will see how to install Kibana and how to quickly query the log information in ELK.
Install kibana
1. Download Kibana from the official website;
2. Extract the archive;
3. Edit the configuration file kibana-5.3.0-darwin-x86_64/config/kibana.yml
Enable (uncomment) this line:
elasticsearch.url: "http://localhost:9200"
This is the HTTP address Kibana uses to connect to Elasticsearch. The Kibana server listens on port 5601 by default.
4. Run ./kibana in the console. The following information is displayed when it starts successfully:
View log Content
On first access, you need to add an index pattern to tell Kibana which indexes to search in Elasticsearch.
You do not need to change the default index name or pattern, because by default the indexes created in Elasticsearch are named in the logstash-* format.
Select @timestamp for Time-field name and click Create. Kibana then lists all the fields of the matching indexes in Elasticsearch:
Time Filter usage
To retrieve data, go to the Discover tab and first get familiar with the time filter. It is in the upper right corner of the page; click it to expand the selection area, which is used to select data within a time range.
Three setting methods are provided:
1. Quick: quickly select a period of the last N days, N months, or N years up to the current time;
2. Relative: relative to the current time, you can set the N value from the first method in more detail;
3. Absolute: specify the start time and end time.
After selecting a time period, you can see the distribution of the search results and a list of the first 500 results, as well as the field list on the left and the top 5 values of each field.
Add a quick display field
In the field list on the left, move the mouse over a field, and an add button appears to the right of the field. Click it to add the field to the quick display.
Where is the field displayed? In the log information list on the right side of the page. Because each log entry contains many fields, only the time and _source fields are displayed by default. If we want to see the path field at a glance, we need to add it as a quick display field.
Keyword include match
Sometimes the log contains access logs for many interfaces. What if I want to see the access logs of one specific interface?
This is again done in the field list on the left. First, click a field, for example path (the log file the entry came from). The top 5 interfaces are listed, and each one has a zoom-in magnifier and a zoom-out magnifier next to it. Clicking the zoom-in magnifier adds an include filter, so only logs with that field value are displayed.
Keyword exclude match
The zoom-out magnifier in the field list sets an exclude filter for a specific value. For example, only the top 5 values are shown; if I don't care about the first few items, I can exclude them so that more values become visible in the top 5.
Note: many people familiar with Elasticsearch or MongoDB will be reminded of the bitcoin ransom incidents some time ago. Many Elasticsearch and MongoDB databases were deleted because no password had been set. Unfortunately, an Elasticsearch instance on the Internet was also wiped. Therefore, if your ELK can be accessed through the public network, you had better set a user name and password for Elasticsearch to ensure data security.
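A quick way to check a kibana.yml against the note above, as an added example that is not part of the original article: the script flags a Kibana server bound to a non-loopback address and a remote elasticsearch.url used without credentials or over plain http. The sample configs, host names, addresses and function names are constructed for illustration; the setting names are those of Kibana 5.x. It inspects only the Kibana side, so Elasticsearch itself must still be set up to require the login.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample configs (not from the article), flat "key: value" lines as in kibana.yml
SAMPLE_EXPOSED = '''
server.host: "0.0.0.0"
elasticsearch.url: "http://203.0.113.10:9200"
'''
SAMPLE_HARDENED = '''
server.host: "localhost"
elasticsearch.url: "https://es.internal.example:9200"
elasticsearch.username: "kibana"
elasticsearch.password: "CHANGE_ME"
'''

def parse_flat_yaml(text):
    """Parse the flat dotted-key subset of YAML used by kibana.yml."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank lines and commented-out settings are ignored
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"\'')
    return settings

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: assume it is reachable from other hosts

def audit_kibana_config(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = parse_flat_yaml(text)
    findings = []
    # Kibana 5.x defaults apply when a line is left commented out
    server_host = cfg.get("server.host", "localhost")
    es_url = urlparse(cfg.get("elasticsearch.url", "http://localhost:9200"))
    has_creds = bool(cfg.get("elasticsearch.username") and cfg.get("elasticsearch.password"))
    if not is_loopback(server_host):
        findings.append("server.host listens on a non-loopback address")
    if not is_loopback(es_url.hostname or ""):
        if not has_creds:
            findings.append("remote elasticsearch.url without username/password")
        if es_url.scheme != "https":
            findings.append("remote elasticsearch.url over plain http")
    return findings
```

The configuration from step 3 of the installation (Elasticsearch on localhost, default server.host) produces no findings; the findings only appear once either service is moved off the loopback interface.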