kibana4 的安装、配置和使用

2015-12-22 22:41:12   最后更新: 2015-12-22 22:41:12   访问数量:3978




kibana 是 Elastic.co 提供的个性化统计数据、图标展示页面,而 kibana4 则是一个全新的改版,与 kibana3 有着本质的不同

kibana3 实质上是一组页面,通过 nginx 或 Apache 或其他任何一个服务器配置域名到目录的映射,实现访问,而全新的 kibana4 中集成了 nodejs,因此无需再依赖任何 webserver

而从页面上看,kibana4 也和 kibana3 有着十分巨大的区别,很多功能的配置方式有很大不同

 

 

kibana4 的安装十分简单,从官网上下载 kibana4 以后,目录中有 README 文件:

Kibana 4.1.3 ============ Build Status Kibana is an open source (Apache Licensed), browser based analytics and search dashboard for Elasticsearch. Kibana is a snap to setup and start using. Kibana strives to be easy to get started with, while also being flexible and powerful, just like Elasticsearch. Requirements ============ Elasticsearch version 1.4.4 or later Kibana binary package Installation ============ Download: http://www.elastic.co/downloads/kibana Run bin/kibana on unix, or bin\kibana.bat on Windows. Visit http://localhost:5601 Quick Start =========== You're up and running! Fantastic! Kibana is now running on port 5601, so point your browser at http://YOURDOMAIN.com:5601. The first screen you arrive at will ask you to configure an index pattern. An index pattern describes to Kibana how to access your data. We make the guess that you're working with log data, and we hope (because it's awesome) that you're working with Logstash. By default, we fill in logstash-* as your index pattern, thus the only thing you need to do is select which field contains the timestamp you'd like to use. Kibana reads your Elasticsearch mapping to find your time fields - select one from the list and hit Create. Tip: there's an optimization in the way of the Use event times to create index names option. Since Logstash creates an index every day, Kibana uses that fact to only search indices that could possibly contain data in your selected time range. Congratulations, you have an index pattern! You should now be looking at a paginated list of the fields in your index or indices, as well as some informative data about them. Kibana has automatically set this new index pattern as your default index pattern. If you'd like to know more about index patterns, pop into to the Settings section of the documentation. Did you know: Both indices and indexes are acceptable plural forms of the word index. Knowledge is power. Now that you've configured an index pattern, you're ready to hop over to the Discover screen and try out a few searches. Click on Discover in the navigation bar at the top of the screen. Documentation ============= Visit Elastic.co for the full Kibana documentation. Snapshot Builds =============== For the daring, snapshot builds are available. These builds are created after each commit to the master branch, and therefore are not something you should run in production. platform OSX tar zip Linux x64 tar zip Linux x86 tar zip Windows tar zip

 

 

Download: http://www.elastic.co/downloads/kibana

Run bin/kibana on unix, or bin\kibana.bat on Windows.

Visit http://localhost:5601

You're up and running! Fantastic! Kibana is now running on port 5601, so point your browser at http://YOURDOMAIN.com:5601.

 

是的,只需要执行 ./bin/kibana,然后打开浏览器,访问 http://localhost:5601 就可以看到 kibana 已经启动了

 

kibana4 的配置文件默认在源码路径的 config 目录下,你也可以通过启动参数的 -c 参数指定

同时,kibana4 还提供了几个启动参数,用来提供部分配置信息

执行 ./bin/kibana -h 可以看到:

Options: -h, --help output usage information -V, --version output the version number -e, --elasticsearch <uri> Elasticsearch instance -c, --config <path> Path to the config file -p, --port <port> The port to bind to -q, --quiet Turns off logging -H, --host <host> The host to bind to -l, --log-file <path> The file to log to --plugins <path> Path to scan for plugins

 

 

与 elasticsearch 一样,kibana4 的配置文件使用的也是 yml 格式,其中有丰富的注释,可以实现对上游 elasticsearch 的各种配置,默认用户组、用户的配置,log 文件的配置,限制访问的 host、port 等等的配置,也可以指定出口占用的端口号,默认是 5601

 

当然,kibana 中记录了你所监控的大量数据,甚至可以通过他访问你的 elasticsearch 中的所有数据,在工程生产环境中,是不能让别人轻易地可以访问的,需要加密和控制权限

最直观的,修改 kibana 源码,在进入页面前加一层校验,我并没有这么做

我选择的是首先配置 kibana 限制访问 host 为 localhost,以便禁止外网访问,然后使用 nginx upstream 做一层转发,通过 nginx 内核中的 ngx_http_auth_basic_module 模块进行权限验证

 

限制外网访问

上面已经提到,只需要在 kibana 的配置文件 kibana.yml 中加入:

host: "127.0.0.1"

 

 

这样,外网将无法访问到你的 kibana 页面

 

使用 nginx 做反向代理

upstream kibana4 { server 127.0.0.1:5601 fail_timeout=0; } server { listen 80; server_name k4.techlog.cn; access_log /var/log/nginx/kibana_access.log json; error_log /var/log/nginx/error.log; location / { proxy_pass http://kibana4; rewrite ^/(.*) /$1 break; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/htpasswd; } }

 

 

这里,nginx 配置了一个反向代理规则 kibana4,并通过 server 配置了一个 virtualhost,在其中配置了 rewrite 规则

凡是进入该 location 中的请求都会被转发到 kibana4 的 rewrite 规则中

 

ngx_http_auth_basic_module 配置

接下来,我们要对 nginx 的 upstream 传输进行加密,首先我们需要在 location 中加入 auth_basic 和 auth_basic_user_file 两个配置

  • auth_basic 指令如果置为 "off" 则会负略下级指令继承的动作,一般我们需要设置为 "Restricted" 来限制外网的访问
  • auth_basic_user_file 则指定了密码文件

 

密码文件中每行是一个用户名和密码的组合,通过下面的格式进行组织:

user1:passwd1 user2:passwd2:comment2

 

最后的注释信息是可选的

 

密码字段是通过 crypt 函数加密的,Apache 的 htpasswd 程序可以生成相应的密码,通过 php 的 crypt 函数也可以做到

 

kibana4 使用配置中的 elasticsearch 作为数据源,并且需要指定 elasticsearch 的 index,kibana 可以管理多个 index,但是对 type 并没有区分,type 也作为了一个 elasticsearch 字段被处理

kibana 的选项卡中有四个选项,分别是:

  1. Discover -- 显示具体的日志信息及按时间进行的条数统计柱状图
  2. Visualize -- 统计图表画布,你可以在里面创建表格、折线图、饼图、条形图甚至是地图,监控各项数据,个性化程度非常强,也十分简单易用
  3. Dashboard -- 对保存后的 Visualize 进行显示的仪表板,与画布一样,你可以保存多个仪表板,同时每个仪表板还可以跨越不同的时间间隔,让监控变得更加方便和个性化
  4. Setting -- 编辑、增加 index,对 kibana 本身、Visualize、Dashboard 等都可以进行配置

 

总之,kibana 上手还算是非常容易的,功能却是十分的强大,也十分有趣,值得多多把玩和品位

 






技术帖      技术分享      elasticsearch      kibana      监控      elk      elkstack      monitor      kibana4      图表      dashboard      visualize      discover     


京ICP备15018585号