实践kibana

Posted on | In | Visitors

Kibana is an open source analytics and visualization platform designed to work with Elasticsearch. You use Kibana to search, view, and interact with data stored in Elasticsearch indices. You can easily perform advanced data analysis and visualize your data in a variety of charts, tables, and maps.

Kibana makes it easy to understand large volumes of data. Its simple, browser-based interface enables you to quickly create and share dynamic dashboards that display changes to Elasticsearch queries in real time.

Setting up Kibana is a snap. You can install Kibana and start exploring your Elasticsearch indices in minutes — no code, no additional infrastructure required.

Kibana Guide

Logs

Settings

默认columns包含Timestamp、event.dataset和Message等3个field。可以自定义新增field,比如loglevel、pid等。

log columns

Stream

Kibana Query Language

exact search terms

field search

phrase match

fuzzy search

boolean query

fuzzy field search

plugins

kibana-own-home adds multi-tenancy feature to Kibana.

Dev Tools

index

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# 创建索引
put /{index_name}
{
  "mappings":{
    "properties":{
      "goodId":{
        "type":"long"
      },
      "goodName":{
        "type":"text",
        "analyzer": "ik_max_word"
      }
    }
  }
}

# 查询索引
get /{index_name}
get /{index_name}/_mapping
get /{index_name}/_settings
# 删除索引
delete /{index_name}

data

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# 新增数据(如果索引不存在会自动新建索引),(text类型的会自动创建{field}.keyword)
post /{index_name}/_doc
# 新增或保存指定_id的数据
post /{index_name}/_doc/{_id}
# 批量新增数据(如果索引不存在会自动新建索引)
POST /{index_name}/_bulk
# 查询指定_id的数据
get /{index_name}/_doc/{_id}
# 删除指定_id的数据
delete /{index_name}/_doc/{_id}
# 删除指定索引的全部数据
POST /demo_index/_delete_by_query
{
  "query": {
    "match_all": {}
  }
}
# 查询全部数据
get /{index_name}/_search
# 查询符合条件的数据
get /{index_name}/_search
{
  "query": {
    "match": {
      "goodName": "org"
    }
  }
}