
Kibana

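Kibana and Elasticsearch compatibility notes:

  • Linux, macOS and Windows are supported, but older systems (such as CentOS7/RHEL7) need a special build with glibc 2.17 support for Node.js;
  • The Kibana and Elasticsearch major versions must match;
  • The Elasticsearch minor version should be higher than Kibana's;

See the installation section mentioned in dev-db/elasticsearch.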

Kibana Query Language (KQL) syntax

Basic syntax: key: value

Conditional expressions

key1: value1 AND key2: value2
(key1: value1 AND key2: value2) OR (key3: value3)

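Full-text match: key.text: value

Filter by time range: @timestamp < now-2w

Filter by time range, rounded to the day: @timestamp < now-2w/d

Match specific subfields: user:{ first: "Alice" and last: "White" }

Match multiple subfields: user.*: Alice

Lucene query syntax is also supported out of the box: https://www.elastic.co/guide/en/kibana/7.17/kuery-query.html

To use Kibana, an index pattern is needed in Elasticsearch.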

Commonly changed configuration

Set up SSL: https://www.elastic.co/docs/deploy-manage/security/set-up-basic-security-plus-https

Fix the warning about xpack.encryptedSavedObjects.encryptionKey being empty: bin/kibana-encryption-keys generate --force https://www.elastic.co/docs/deploy-manage/security/secure-saved-objects

Reset the ES access account password

Run in the ES root directory: bin/elasticsearch-reset-password -u kibana_system --url https://localhost:9200 -i

Modify the main Kibana configuration

yaml
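elasticsearch.hosts: ["https://localhost:9200"]
# "none" skips certificate verification entirely; the default is "full", typically used
# with elasticsearch.ssl.certificateAuthorities pointing at the CA of the ES certificate.
elasticsearch.ssl.verificationMode: none
elasticsearch.username: "kibana_system"
# The password set with elasticsearch-reset-password above.
elasticsearch.password: "kibana_system"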

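Configure anonymous access

  • Configure Elasticsearch to enable options such as xpack.security.enabled, xpack.security.http.ssl and xpack.security.transport.ssl
  • In the Kibana admin UI, create a new user, set its password and grant it the viewer permission
  • Modify the Kibana configuration: add an xpack.security.authc.providers option that gives anonymous users access by default, plus an xpack.security.authc option for non-anonymous user login
  • The change takes effect after Kibana is restarted

Reference configuration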

yaml
xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials:
      username: "anonymous"
      password: "anonymous"

xpack.security.authc:
  providers:
    basic.basic1:
      order: 1

https://www.elastic.co/guide/en/kibana/8.17/kibana-authentication.html#anonymous-authentication

Logging Elasticsearch query

yaml
logging:
  appenders:
    console_appender:
      type: console
      layout:
        type: pattern
        highlight: true
  root:
    appenders: [default, console_appender]
    level: warn
  loggers:
    - name: elasticsearch.query
      level: debug
      appenders: [console_appender]

Disable non-core features

Sample:

yaml
# Configure Kibana
newsfeed.enabled: false
xpack.ccr.ui.enabled: false
xpack.license_management.ui.enabled: false
xpack.remote_clusters.ui.enabled: false
xpack.rollup.ui.enabled: false
xpack.upgrade_assistant.ui.enabled: false

i18n.locale: "en"

# APM settings in Kibana
xpack.apm.ui.enabled: false
xpack.apm.agent.migrations.enabled: false

# Fleet settings in Kibana
xpack.fleet.agents.enabled: false
# Monitoring settings in Kibana
# monitoring.ui.ccs.enabled: false
# monitoring.ui.enabled: false
# monitoring.ui.container.elasticsearch.enabled: false
# monitoring.ui.container.logstash.enabled: false

# Security settings in Kibana
xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials:
      username: "anonymous"
      password: "anonymous"

xpack.security.authc:
  providers:
    basic.basic1:
      order: 1

# Telemetry settings in Kibana
telemetry.optIn: false

Customize the timestamp format

localhost:5601/app/management/kibana/settings

MMM D, YYYY @ HH:mm:ss.SSS

https://momentjs.com/docs/#/displaying/format/

Customize the UI language

kibana.yml

i18n.locale: "en"
i18n.locale: "zh-CN"

Released under the CC-BY-NC-4.0