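Getting Started with Kibana

Kibana Introduction and Deployment

What is Kibana?

  • Kibana is an open-source project that queries an Elasticsearch server and displays the search results graphically.

Installing and Configuring Kibana

Download link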

# Install Kibana
[root@kibana ~]# yum localinstall -y kibana-5.6.16-x86_64.rpm
# Configure Kibana (server.host "0.0.0.0" makes it listen on all interfaces)
[root@kibana ~]# grep -n "^[a-z]" /etc/kibana/kibana.yml
2:server.port: 5601
7:server.host: "0.0.0.0"
21:elasticsearch.url: "http://10.0.0.82:9200"
# Start Kibana (CentOS 6)
[root@kibana ~]# /etc/init.d/kibana start
# Start Kibana (CentOS 7)
[root@kibana ~]# systemctl start kibana
# Verify that the port is listening
[root@kibana ~]# netstat -lntup | grep 5601
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      3140/node
# Open a browser and visit: 10.0.0.92:5601

Adding an ES Index in Kibana

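Enter the ES index name in the red box on the right of the screenshot above. The part in the red box in the screenshot below is the index in ES, which is also the log name.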

Copying Java Logs with Logstash

# Install Tomcat
[root@logstash ~]# yum install -y tomcat

# Create the directory
[root@logstash ~]# mkdir /usr/share/tomcat/webapps/ROOT

# Create the file
[root@logstash ~]# vim /usr/share/tomcat/webapps/ROOT/index.jsp
tomcat

# Start Tomcat
[root@logstash ~]# systemctl start tomcat

# Check the port
[root@logstash ~]# netstat -lntup | grep 8080
tcp6       0      0 :::8080                 :::*                    LISTEN      3525/java

# Check the logs
[root@logstash ~]# ll /var/log/tomcat

# Access from a browser
10.0.0.91:8080

Collecting Tomcat Logs into ES with Logstash

[root@logstash ~]# vim /etc/logstash/conf.d/tomcat.conf
input{
        file{
                type => "tomcat_log"
                path => "/var/log/tomcat/localhost_access_log.2023-07-12.txt"
                start_position => "beginning"
        }
}
output{
        elasticsearch{
                hosts => ["10.0.0.82:9200"]
                index => "%{type}-%{+yyyy.MM.dd}"
        }
}
## Start
[root@logstash ~]# logstash -f /etc/logstash/conf.d/tomcat.conf

Adding It to Kibana

Logs Before the Change

Changing the Tomcat Log Format to JSON

[root@logstash ~]# vim /etc/tomcat/server.xml
Line 137: add the following to pattern
"clientip":"%h","ClientUser":"%l","authenticated":"%u","AccessTime":"%t","method":"%r","status":"%s","SendBytes":"%b","Query?string":"%q","partner":"%{Referer}i","AgentVersion":"%{User-Agent}i"

Differences After Changing the Log Format

JSON format

[root@logstash ~]# vim /etc/logstash/conf.d/tomcat.conf
input{
        file{
                type => "tomcat_log"
                path => "/var/log/tomcat/localhost_access_log.2023-07-12.txt"
                start_position => "beginning"
        }
}
filter{
        json{
                source => 'message'
        }
}
output{
        elasticsearch{
                hosts => ["10.0.0.81:9200"]
                index => "%{type}-%{+yyyy.MM.dd}"
        }
}
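
The config above re-reads the same access-log file from the beginning, so lines written before the pattern change are still plain text, and the json filter tags any line it cannot parse with _jsonparsefailure while keeping the raw message. The following Python script is an added example (not from the original page) that mimics that behaviour on constructed sample lines so the effect can be checked offline. It assumes the valve pattern is wrapped in { } so each line is one JSON object and that header values reach the log unescaped; the _missing_field tag is hypothetical.

```python
import json

# Field names copied from the access-log pattern on this page.
EXPECTED = ["clientip", "ClientUser", "authenticated", "AccessTime", "method",
            "status", "SendBytes", "Query?string", "partner", "AgentVersion"]

def json_filter(message):
    """Simplified stand-in for Logstash's json filter with source => 'message'."""
    event = {"message": message, "tags": []}
    try:
        parsed = json.loads(message)
        if not isinstance(parsed, dict):
            raise ValueError("top-level value is not a JSON object")
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        # Logstash keeps the raw message and adds this tag by default.
        event["tags"].append("_jsonparsefailure")
        return event
    event.update(parsed)  # values stay strings: the pattern quotes %s and %b
    if any(key not in parsed for key in EXPECTED):
        event["tags"].append("_missing_field")  # hypothetical tag, not a Logstash default
    return event

def summarize(lines):
    """Count parsed vs. failed lines, the check to make after a format change."""
    events = [json_filter(line) for line in lines]
    failed = [e for e in events if "_jsonparsefailure" in e["tags"]]
    return {"total": len(events), "parsed": len(events) - len(failed),
            "failed": len(failed), "events": events}

# Constructed sample lines (not taken from a real log).
SAMPLE = [
    # 1. Written before the pattern change: plain access-log format.
    '10.0.0.1 - - [12/Jul/2023:09:58:01 +0800] "GET / HTTP/1.1" 200 7',
    # 2. Written after the change: one JSON object per line.
    '{"clientip":"10.0.0.1","ClientUser":"-","authenticated":"-",'
    '"AccessTime":"[12/Jul/2023:10:00:00 +0800]","method":"GET / HTTP/1.1",'
    '"status":"200","SendBytes":"7","Query?string":"","partner":"-",'
    '"AgentVersion":"curl/7.29.0"}',
    # 3. Same, but the User-Agent value contains an unescaped double quote.
    '{"clientip":"10.0.0.1","ClientUser":"-","authenticated":"-",'
    '"AccessTime":"[12/Jul/2023:10:00:05 +0800]","method":"GET / HTTP/1.1",'
    '"status":"200","SendBytes":"7","Query?string":"","partner":"-",'
    '"AgentVersion":"My "Test" Browser"}',
]

if __name__ == "__main__":
    print([(e["tags"], e.get("status")) for e in summarize(SAMPLE)["events"]])
```

In Kibana, searching the tomcat_log-* index pattern for tags:_jsonparsefailure lists the events that arrived without the parsed fields.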

Differences Between JSON Logs and Plain Logs