Kibana 官方示例
官方网站:
中文站点:
环境:
kibana-4.5
elasticsearch-2.3.2
一.下载并解压示例数据
二.创建mapping
Use the following command to set up a mapping for the Shakespeare
data set:
curl -XPUT http://localhost:9200/shakespeare -d '
{
"mappings" : {
"_default_" : {
"properties" : {
"speaker" : {"type": "string", "index" : "not_analyzed" },
"play_name" : {"type": "string", "index" : "not_analyzed" },
"line_id" : { "type" : "integer" },
"speech_number" : { "type" : "integer" }
}
}
}
}
';
Use the following commands to
establish geo_point mapping
for the logs:
curl -XPUT http://localhost:9200/logstash-2015.05.18 -d '
{
"mappings": {
"log": {
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
}
}
';
curl -XPUT http://localhost:9200/logstash-2015.05.19 -d '
{
"mappings": {
"log": {
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
}
}
';
curl -XPUT http://localhost:9200/logstash-2015.05.20 -d '
{
"mappings": {
"log": {
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
}
}
';
三.导入示例数据--莎士比亚全集
curl -XPOST 'localhost:9200/bank/account/_bulk?pretty' --data-binary @accounts.json
curl -XPOST 'localhost:9200/shakespeare/_bulk?pretty' --data-binary @shakespeare.json
curl -XPOST 'localhost:9200/_bulk?pretty' --data-binary @logs.jsonl
root@jlive:~#curl
'localhost:9200/_cat/indices?v'
health
status index
pri rep docs.count
docs.deleted store.size pri.store.size
yellow
open shakespeare
5 1
111396
0
18mb
18mb
yellow
open logstash-2015.05.20 5
1
4750
0 27.5mb
27.5mb
yellow
open bank
5 1
1000
0
442.6kb
442.6kb
yellow
open logstash-2015.05.18 5
1
4631
0 29.2mb
29.2mb
yellow
open logstash-2015.05.19 5
1
4624
0 30.3mb
30.3mb
四.kibana
Dashboard
1.Settings(定义Index Patterns)
创建时不要勾选Index
contains time-based events
创建3个indices(shakes*, ba*,
logstash*)
2.Discover
account_number:<100 AND balance:>47500
3.Visualize
i.Pie
Chart
Pie Chart --> From a new
search --> ba* --> Split
Slices --> Range --> balance --> Add
Range
Add sub-buckets --> Split
Slices --> Terms --> age
--> Apply
changes --> Save
Visualization(Pie-Example)
ii.Vertical
bar chart
New Visualization --> Vertical
bar chart --> From
a new search -->
shakes*
Y-axis
--> Unique
Count --> speaker
X-Axis --> Terms --> play_name --> Order
--> Ascending
--> Size(5)
Y-axis --> Add
metrics --> Max
--> speech_number
Options --> Bar
Mode --> grouped --> Apply
changes --> Save
Visualization(Bar-Example)
iii.Tile
map
Dashboard -->
Absolute(May
18, 2015 to May 20, 2015) -->
Go
Tile map -->
From a new search --> logstash*
--> Geo Coordinates -->
Geohash -->
geo.coordinates --> Apply
changes --> Save
Visualization(Map-Example)
可以拖拽,放大缩小,改变地图样式,自定义过滤条件
iv.Markdown
widget
# This is a tutorial dashboard!
The Markdown widget uses **markdown** syntax.
> Blockquotes in Markdown use the > character.
Click the green Apply
changes button to
display the rendered Markdown in the preview pane:
保存为Markdown Example
4.整合Visualize到Dashboard
Dashboard --> Add
Visualization --> Markdown
Example, Pie
Example, Bar
Example,
and Map
Example --> Save Dashboard(Tutorial
Dashboard)