Kibana Basic Concepts
Core Component Architecture
graph TB
subgraph "Kibana架构"
A[Web界面] --> B[Kibana Server]
B --> C[Elasticsearch]
subgraph "核心功能"
D[Discover 数据探索]
E[Visualize 可视化]
F[Dashboard 仪表板]
G[Canvas 画布]
H[Maps 地图]
I[Machine Learning]
end
B --> D
B --> E
B --> F
B --> G
B --> H
B --> I
end
subgraph "数据流"
J[原始数据] --> K[Elasticsearch索引]
K --> L[索引模式]
L --> M[可视化组件]
M --> N[仪表板]
end
Basic Configuration
kibana.yml configuration:
# Server settings
server.port: 5601
server.host: "0.0.0.0"
server.name: "kibana-server"
server.basePath: "/kibana"
# Elasticsearch settings
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your_password"
# Security settings
xpack.security.enabled: true
xpack.security.encryptionKey: "something_at_least_32_characters"
xpack.security.session.idleTimeout: "1h"
xpack.security.session.lifespan: "30d"
# Monitoring settings
xpack.monitoring.enabled: true
xpack.monitoring.kibana.collection.enabled: true
# Logging settings
logging.level: info
logging.dest: "/var/log/kibana/kibana.log"
logging.rotate.enabled: true
logging.rotate.everyBytes: 10485760
# Performance settings
server.maxPayloadBytes: 1048576
data.search.timeout: 600000
data.search.sessions.enabled: true
# Internationalization
i18n.locale: "zh-CN"
# Custom settings
map.includeElasticMapsService: false
telemetry.enabled: false
newsfeed.enabled: false
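An added example, not part of the original page: a Python check that flags the security-relevant settings in the kibana.yml above (listening on all interfaces, plaintext HTTP to Elasticsearch, an inline password, the placeholder encryption key, a 30-day session lifespan). The parser handles only flat `key: value` lines like this file, and the 7-day lifespan limit and the placeholder list are assumptions.

```python
import re

# Constructed sample: the security-relevant lines of the kibana.yml shown above.
SAMPLE = """
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your_password"
xpack.security.encryptionKey: "something_at_least_32_characters"
xpack.security.session.idleTimeout: "1h"
xpack.security.session.lifespan: "30d"
"""

MAX_LIFESPAN_HOURS = 7 * 24  # assumed policy limit, not a Kibana default
PLACEHOLDERS = {"something_at_least_32_characters", "your_password", "changeme"}
UNIT_HOURS = {"m": 1 / 60, "h": 1, "d": 24, "w": 168}


def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines; blank lines and comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"')
    return settings


def to_hours(duration):
    """Convert a duration such as '30d' or '1h' to hours; None if it does not parse."""
    m = re.fullmatch(r"(\d+)([mhdw])", duration)
    return int(m.group(1)) * UNIT_HOURS[m.group(2)] if m else None


def audit(settings):
    """Return one finding string per weak setting."""
    findings = []
    if settings.get("server.host") in ("0.0.0.0", "::"):
        findings.append("server.host binds every interface; bind one address or front it with a proxy")
    if "http://" in settings.get("elasticsearch.hosts", ""):
        findings.append("elasticsearch.hosts uses http://; use TLS unless the link is loopback-only")
    if "elasticsearch.password" in settings:
        findings.append("elasticsearch.password is inline; store it in the Kibana keystore")
    key = settings.get("xpack.security.encryptionKey", "")
    if key in PLACEHOLDERS or len(key) < 32:
        findings.append("xpack.security.encryptionKey is a placeholder or shorter than 32 characters")
    lifespan = to_hours(settings.get("xpack.security.session.lifespan", ""))
    if lifespan is None or lifespan > MAX_LIFESPAN_HOURS:
        findings.append("session lifespan is unset or longer than the assumed 7-day limit")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_flat_yaml(SAMPLE)):
        print("-", finding)
```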
Index Pattern Management
Creating an index pattern:
# Create an index pattern through the API
POST kbn:/api/saved_objects/index-pattern
{
"attributes": {
"title": "logs-*",
"timeFieldName": "@timestamp",
"fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"searchable\":true,\"aggregatable\":true}]"
}
}
# Refresh the field list
POST kbn:/api/index_patterns/_fields_for_wildcard
{
"pattern": "logs-*",
"meta_fields": ["_source", "_id", "_type", "_index", "_score"]
}
Field format configuration:
{
"fieldFormatMap": {
"@timestamp": {
"id": "date",
"params": {
"pattern": "YYYY-MM-DD HH:mm:ss"
}
},
"response_time": {
"id": "number",
"params": {
"pattern": "0,0.00"
}
},
"bytes": {
"id": "bytes",
"params": {
"pattern": "0,0.[00] b"
}
},
"percentage": {
"id": "percent",
"params": {
"pattern": "0.00%"
}
}
}
}
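Data Exploration and Discovery
1. Using the Discover Interface
Basic search:
# KQL (Kibana Query Language) query examples
# Entries marked "Lucene" use Lucene query syntax, which KQL does not accept; switch the query bar to Lucene to run them
# Simple match
message: "error"
# Field existence (Lucene; the KQL form is user_id: *)
_exists_: "user_id"
# Range query
response_time >= 100 and response_time < 1000
# Wildcard (left unquoted, because KQL treats a quoted * literally)
host.name: web-*
# Boolean query
level: "ERROR" and service: "api" and not environment: "test"
# Time range
@timestamp >= "2024-01-15T00:00:00" and @timestamp < "2024-01-16T00:00:00"
# Regular expression (Lucene)
user_agent: /.*Chrome.*/
# Nested field
error.type: "NullPointerException"
# IP address
source_ip: "192.168.1.0/24"
Advanced search techniques:
# Combined query
(level: "ERROR" or level: "WARN") and @timestamp >= now-1h
# Field value range (Lucene; the KQL form is status_code >= 400 and status_code <= 599)
status_code: [400 TO 599]
# Fuzzy match (Lucene)
message: databa~2 # allows an edit distance of 2
# Phrase match
message: "database connection failed"
# Prefix match (left unquoted so the * is expanded)
url.path: /api/v1/*
# Geographic query (not expressible in KQL; geo-distance filtering uses a Query DSL geo_distance filter)
geoip.location: {"lat": 40.7128, "lon": -74.0060, "distance": "100km"}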
2. Data Filters
Creating filters:
{
"filters": [
{
"meta": {
"alias": "Production Environment",
"disabled": false,
"negate": false,
"key": "environment",
"type": "phrase"
},
"query": {
"match_phrase": {
"environment": "production"
}
}
},
{
"meta": {
"alias": "Error Logs",
"disabled": false,
"negate": false,
"key": "level",
"type": "phrases"
},
"query": {
"bool": {
"should": [
{"match_phrase": {"level": "ERROR"}},
{"match_phrase": {"level": "FATAL"}}
],
"minimum_should_match": 1
}
}
},
{
"meta": {
"alias": "Last 24 Hours",
"disabled": false,
"negate": false,
"key": "@timestamp",
"type": "range"
},
"range": {
"@timestamp": {
"gte": "now-24h",
"lte": "now"
}
}
}
]
}
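3. Field Statistics
# View field statistics in Discover
# Clicking a field name shows:
# - the number of unique values
# - the 5 most common values
# - the data type distribution
# - missing-value statistics
# Get field statistics through the API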
POST logs-*/_search
{
"size": 0,
"aggs": {
"field_stats": {
"terms": {
"field": "level.keyword",
"size": 10
}
},
"numeric_stats": {
"stats": {
"field": "response_time"
}
}
}
}
Visualization Components in Detail
1. Basic Chart Types
Bar chart configuration:
{
"title": "HTTP状态码分布",
"type": "histogram",
"params": {
"grid": {
"categoryLines": false,
"style": {
"color": "#eee"
}
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"truncate": 100
},
"title": {
"text": "状态码"
}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-1",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 0,
"filter": false,
"truncate": 100
},
"title": {
"text": "请求数量"
}
}
],
"seriesParams": [
{
"show": true,
"type": "histogram",
"mode": "stacked",
"data": {
"label": "Count",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"showCircles": true
}
]
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "segment",
"params": {
"field": "status_code",
"size": 10,
"order": "desc",
"orderBy": "1"
}
}
]
}
Line chart configuration:
{
"title": "响应时间趋势",
"type": "line",
"params": {
"grid": {
"categoryLines": false,
"valueAxis": "ValueAxis-1"
},
"categoryAxes": [
{
"id": "CategoryAxis-1",
"type": "category",
"position": "bottom",
"show": true,
"style": {},
"scale": {
"type": "linear"
},
"labels": {
"show": true,
"filter": true,
"truncate": 100
},
"title": {
"text": "时间"
}
}
],
"valueAxes": [
{
"id": "ValueAxis-1",
"name": "LeftAxis-1",
"type": "value",
"position": "left",
"show": true,
"style": {},
"scale": {
"type": "linear",
"mode": "normal"
},
"labels": {
"show": true,
"rotate": 0,
"filter": false,
"truncate": 100
},
"title": {
"text": "响应时间 (ms)"
}
}
],
"seriesParams": [
{
"show": true,
"type": "line",
"mode": "normal",
"data": {
"label": "平均响应时间",
"id": "1"
},
"valueAxis": "ValueAxis-1",
"drawLinesBetweenPoints": true,
"lineWidth": 2,
"showCircles": true
}
],
"thresholdLine": {
"show": true,
"value": 1000,
"width": 1,
"style": "full",
"color": "#E7664C"
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "avg",
"schema": "metric",
"params": {
"field": "response_time"
}
},
{
"id": "2",
"enabled": true,
"type": "date_histogram",
"schema": "segment",
"params": {
"field": "@timestamp",
"interval": "auto",
"min_doc_count": 1
}
}
]
}
2. Advanced Visualizations
Heat map configuration:
{
"title": "每小时错误分布热力图",
"type": "heatmap",
"params": {
"addTooltip": true,
"addLegend": true,
"enableHover": false,
"legendPosition": "right",
"times": [],
"colorsNumber": 4,
"colorSchema": "Reds",
"setColorRange": false,
"colorsRange": [],
"invertColors": false,
"percentageMode": false,
"valueAxes": [
{
"show": false,
"id": "ValueAxis-1",
"type": "value",
"scale": {
"type": "linear",
"defaultYExtents": false
},
"labels": {
"show": false,
"rotate": 0,
"color": "black"
}
}
]
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "date_histogram",
"schema": "segment",
"params": {
"field": "@timestamp",
"interval": "1h",
"min_doc_count": 1
}
},
{
"id": "3",
"enabled": true,
"type": "terms",
"schema": "group",
"params": {
"field": "level.keyword",
"size": 5,
"order": "desc",
"orderBy": "1"
}
}
]
}
Geographic map configuration:
{
"title": "用户地理分布",
"type": "tile_map",
"params": {
"colorSchema": "Yellow to Red",
"mapType": "Scaled Circle Markers",
"isDesaturated": true,
"addTooltip": true,
"heatClusterSize": 1.5,
"legendPosition": "bottomright",
"mapZoom": 2,
"mapCenter": [0, 0],
"wms": {
"enabled": false,
"options": {
"format": "image/png",
"transparent": true
}
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
},
{
"id": "2",
"enabled": true,
"type": "geohash_grid",
"schema": "segment",
"params": {
"field": "geoip.location",
"autoPrecision": true,
"precision": 2
}
}
]
}
3. Metric Visualizations
Single-value metric:
{
"title": "总请求数",
"type": "metric",
"params": {
"addTooltip": true,
"addLegend": false,
"type": "metric",
"metric": {
"percentageMode": false,
"useRanges": false,
"colorSchema": "Green to Red",
"metricColorMode": "None",
"colorsRange": [
{
"from": 0,
"to": 10000
}
],
"labels": {
"show": true
},
"invertColors": false,
"style": {
"bgFill": "#000",
"bgColor": false,
"labelColor": false,
"subText": "",
"fontSize": 60
}
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {}
}
]
}
Gauge:
{
"title": "平均响应时间",
"type": "gauge",
"params": {
"type": "gauge",
"addTooltip": true,
"addLegend": true,
"isDisplayWarning": false,
"gauge": {
"alignment": "automatic",
"extendRange": true,
"percentageMode": false,
"gaugeType": "Arc",
"gaugeStyle": "Full",
"backStyle": "Full",
"orientation": "vertical",
"colorSchema": "Green to Red",
"gaugeColorMode": "Labels",
"colorsRange": [
{
"from": 0,
"to": 500
},
{
"from": 500,
"to": 1000
},
{
"from": 1000,
"to": 2000
}
],
"invertColors": false,
"labels": {
"show": true,
"color": "black"
},
"scale": {
"show": true,
"labels": false,
"color": "#333"
},
"type": "meter",
"style": {
"bgWidth": 0.9,
"width": 0.9,
"mask": false,
"bgMask": false,
"maskBars": 50,
"bgFill": "#eee",
"bgColor": false,
"subText": "ms",
"fontSize": 60,
"labelColor": true
}
}
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "avg",
"schema": "metric",
"params": {
"field": "response_time"
}
}
]
}
Dashboard Design
1. Dashboard Layout Design
Responsive layout configuration:
{
"version": "7.15.0",
"objects": [
{
"id": "web-analytics-dashboard",
"type": "dashboard",
"attributes": {
"title": "Web Analytics Dashboard",
"hits": 0,
"description": "实时Web分析仪表板",
"panelsJSON": "[\n {\n \"version\": \"7.15.0\",\n \"gridData\": {\n \"x\": 0,\n \"y\": 0,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"1\"\n },\n \"panelIndex\": \"1\",\n \"embeddableConfig\": {},\n \"panelRefName\": \"panel_1\"\n },\n {\n \"version\": \"7.15.0\",\n \"gridData\": {\n \"x\": 24,\n \"y\": 0,\n \"w\": 24,\n \"h\": 15,\n \"i\": \"2\"\n },\n \"panelIndex\": \"2\",\n \"embeddableConfig\": {},\n \"panelRefName\": \"panel_2\"\n }\n]",
"optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}",
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"refreshInterval": {
"pause": false,
"value": 30000
},
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
}
}
}
]
}
2. Theme and Style Customization
Custom CSS styles:
/* Custom dashboard styles */
.dashboard-container {
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
}
/* Panel styles */
.panel-container {
background: rgba(255, 255, 255, 0.95);
border-radius: 8px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
margin: 10px;
padding: 15px;
}
/* Title styles */
.panel-title {
font-size: 18px;
font-weight: 600;
color: #2c3e50;
margin-bottom: 15px;
border-bottom: 2px solid #3498db;
padding-bottom: 8px;
}
/* Metric cards */
.metric-card {
background: linear-gradient(45deg, #FE6B8B 30%, #FF8E53 90%);
color: white;
border-radius: 10px;
padding: 20px;
text-align: center;
box-shadow: 0 3px 5px 2px rgba(255, 105, 135, .3);
}
.metric-value {
font-size: 2.5em;
font-weight: bold;
margin-bottom: 10px;
}
.metric-label {
font-size: 1.1em;
opacity: 0.9;
}
/* Chart container */
.chart-container {
background: white;
border-radius: 8px;
padding: 20px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
/* Responsive design */
@media (max-width: 768px) {
.panel-container {
margin: 5px;
padding: 10px;
}
.metric-value {
font-size: 2em;
}
}
/* Dark theme */
.dark-theme {
background: #1a1a1a;
color: #ffffff;
}
.dark-theme .panel-container {
background: rgba(42, 42, 42, 0.95);
border: 1px solid #444;
}
.dark-theme .panel-title {
color: #ffffff;
border-bottom-color: #007acc;
}
3. Interactive Filters
Time picker configuration:
{
"timeOptions": [
{
"from": "now-15m",
"to": "now",
"display": "Last 15 minutes"
},
{
"from": "now-1h",
"to": "now",
"display": "Last hour"
},
{
"from": "now-24h",
"to": "now",
"display": "Last 24 hours"
},
{
"from": "now-7d",
"to": "now",
"display": "Last 7 days"
},
{
"from": "now-30d",
"to": "now",
"display": "Last 30 days"
}
],
"refreshIntervals": [
{
"pause": false,
"value": 5000,
"display": "5 seconds"
},
{
"pause": false,
"value": 30000,
"display": "30 seconds"
},
{
"pause": false,
"value": 60000,
"display": "1 minute"
},
{
"pause": false,
"value": 300000,
"display": "5 minutes"
}
]
}
Controls panel configuration:
{
"controls": [
{
"id": "environment-filter",
"type": "list",
"label": "Environment",
"fieldName": "environment.keyword",
"parent": "",
"options": {
"type": "terms",
"multiselect": true,
"dynamicOptions": true,
"size": 5,
"order": "desc"
}
},
{
"id": "service-filter",
"type": "list",
"label": "Service",
"fieldName": "service.keyword",
"parent": "environment-filter",
"options": {
"type": "terms",
"multiselect": true,
"dynamicOptions": true,
"size": 10,
"order": "desc"
}
},
{
"id": "response-time-range",
"type": "range",
"label": "Response Time (ms)",
"fieldName": "response_time",
"parent": "",
"options": {
"decimalPlaces": 0,
"step": 10
}
}
]
}
Advanced Features
1. Canvas Design
Canvas workpad configuration:
{
"name": "Executive Dashboard",
"width": 1920,
"height": 1080,
"css": ".canvasRenderEl { background: linear-gradient(45deg, #1e3c72, #2a5298); }",
"variables": [],
"isWriteable": true,
"pages": [
{
"id": "page-1",
"style": {
"background": "transparent"
},
"transition": {},
"elements": [
{
"id": "element-1",
"position": {
"left": 50,
"top": 50,
"width": 400,
"height": 300,
"angle": 0,
"parent": null
},
"expression": "filters | essql query=\"SELECT COUNT(*) as total_requests FROM logs-* WHERE @timestamp > NOW() - INTERVAL 1 DAY\" | math \"total_requests\" | metric metricFont={font family=\"Arial\" size=48 align=\"center\" color=\"#FFFFFF\"} labelFont={font family=\"Arial\" size=18 align=\"center\" color=\"#CCCCCC\"} | render",
"filter": ""
},
{
"id": "element-2",
"position": {
"left": 500,
"top": 50,
"width": 600,
"height": 400,
"angle": 0,
"parent": null
},
"expression": "filters | essql query=\"SELECT DATE_TRUNC('hour', @timestamp) as time, COUNT(*) as requests FROM logs-* WHERE @timestamp > NOW() - INTERVAL 24 HOUR GROUP BY time ORDER BY time\" | pointseries x=\"time\" y=\"requests\" color=\"#1f77b4\" | plot defaultStyle={seriesStyle lines=3 fill=false} | render",
"filter": ""
}
]
}
]
}
Canvas expression language:
// Basic data query
filters
| essql query="SELECT * FROM logs-* WHERE level='ERROR'"
| table
| render
// Metric calculation
filters
| essql query="SELECT AVG(response_time) as avg_time FROM logs-*"
| math "avg_time"
| metric
metricFont={font family="Arial" size=36 color="#E74C3C"}
labelFont={font family="Arial" size=14 color="#7F8C8D"}
label="Average Response Time (ms)"
| render
// Time series chart
filters
| essql query="
SELECT
DATE_TRUNC('minute', @timestamp) as time,
COUNT(*) as requests,
AVG(response_time) as avg_response
FROM logs-*
WHERE @timestamp > NOW() - INTERVAL 1 HOUR
GROUP BY time
ORDER BY time
"
| pointseries x="time" y="requests" color="#3498DB"
| plot
defaultStyle={
seriesStyle lines=2 fill=0.3 points=0
}
legend=false
yaxis=false
xaxis=false
| render
// Pie chart
filters
| essql query="
SELECT status_code, COUNT(*) as count
FROM logs-*
GROUP BY status_code
ORDER BY count DESC
LIMIT 5
"
| pie
hole=50
labels=false
legend="ne"
palette={palette "#E74C3C,#F39C12,#F1C40F,#27AE60,#3498DB" gradient=false}
| render
// Conditional formatting
filters
| essql query="SELECT COUNT(*) as error_count FROM logs-* WHERE level='ERROR'"
| math "error_count"
| formatnumber "0,0"
| metric
metricFont={
font
family="Arial"
size=48
color={if {compare "gte" context error_count 100} then "#E74C3C" else "#27AE60"}
}
label="Error Count"
| render
2. Machine Learning Integration
Anomaly detection configuration:
{
"job_id": "response_time_anomaly",
"description": "检测响应时间异常",
"analysis_config": {
"bucket_span": "15m",
"detectors": [
{
"detector_description": "mean response time",
"function": "mean",
"field_name": "response_time",
"by_field_name": "service.keyword"
}
],
"influencers": ["service.keyword", "host.name"]
},
"data_description": {
"time_field": "@timestamp",
"time_format": "epoch_ms"
},
"model_plot_config": {
"enabled": true
},
"analysis_limits": {
"model_memory_limit": "128mb"
},
"datafeed_config": {
"datafeed_id": "datafeed-response_time_anomaly",
"indices": ["logs-*"],
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-7d"
}
}
},
{
"exists": {
"field": "response_time"
}
}
]
}
},
"scroll_size": 1000
}
}
3. Alerting and Notifications
Watcher alert configuration:
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": ["logs-*"],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-5m"
}
}
},
{
"term": {
"level.keyword": "ERROR"
}
}
]
}
},
"aggs": {
"error_count": {
"value_count": {
"field": "@timestamp"
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.aggregations.error_count.value": {
"gt": 10
}
}
},
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": ["admin@company.com"],
"subject": "High Error Rate Alert",
"body": {
"html": "<h2>Alert: High Error Rate Detected</h2><p>Error count in the last 5 minutes: {{ctx.payload.aggregations.error_count.value}}</p><p>Time: {{ctx.execution_time}}</p>"
}
}
},
"send_slack": {
"slack": {
"account": "monitoring",
"message": {
"to": ["#alerts"],
"text": "🚨 High error rate detected: {{ctx.payload.aggregations.error_count.value}} errors in the last 5 minutes"
}
}
}
}
}
User Access Management
1. Role Definitions
{
"roles": {
"kibana_admin": {
"cluster": ["all"],
"indices": [
{
"names": ["*"],
"privileges": ["all"]
}
],
"applications": [
{
"application": "kibana-.kibana",
"privileges": ["all"],
"resources": ["*"]
}
]
},
"kibana_viewer": {
"cluster": ["monitor"],
"indices": [
{
"names": ["logs-*", "metrics-*"],
"privileges": ["read"]
}
],
"applications": [
{
"application": "kibana-.kibana",
"privileges": ["read"],
"resources": ["*"]
}
]
},
"log_analyst": {
"cluster": ["monitor"],
"indices": [
{
"names": ["logs-*"],
"privileges": ["read", "view_index_metadata"]
}
],
"applications": [
{
"application": "kibana-.kibana",
"privileges": ["feature_discover.read", "feature_visualize.read", "feature_dashboard.read"],
"resources": ["*"]
}
]
}
}
}
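An added example, not from the original page: a Python check that walks the index and cluster grants of the three roles above and reports which roles can alter log or metric indices or hold `cluster: all`, which matters when the same indices feed security dashboards and alerts. The index names in `PROTECTED` and the `LOG_SHIPPER` role are hypothetical, and pattern matching covers only `*` wildcards.

```python
from fnmatch import fnmatchcase

# Constructed input: the cluster and index grants of the role definitions shown above.
ROLES = {
    "kibana_admin": {"cluster": ["all"],
                     "indices": [{"names": ["*"], "privileges": ["all"]}]},
    "kibana_viewer": {"cluster": ["monitor"],
                      "indices": [{"names": ["logs-*", "metrics-*"],
                                   "privileges": ["read"]}]},
    "log_analyst": {"cluster": ["monitor"],
                    "indices": [{"names": ["logs-*"],
                                 "privileges": ["read", "view_index_metadata"]}]},
}

# Hypothetical ingest role: create_doc can append documents but not update or delete them.
LOG_SHIPPER = {"cluster": ["monitor"],
               "indices": [{"names": ["logs-*"], "privileges": ["create_doc"]}]}

# Index privileges that allow existing documents or indices to be changed or removed.
MUTATING = {"all", "write", "index", "create", "delete",
            "create_index", "delete_index", "manage"}

# Hypothetical concrete indices behind the logs-* and metrics-* patterns.
PROTECTED = ("logs-2024.01.15", "metrics-2024.01.15")


def can_tamper(role, index_name):
    """True if the role holds a mutating privilege on a pattern matching index_name."""
    for grant in role.get("indices", []):
        matches = any(fnmatchcase(index_name, pat) for pat in grant["names"])
        if matches and MUTATING & set(grant["privileges"]):
            return True
    return False


def audit_roles(roles, protected=PROTECTED):
    """Map role name -> list of issues; roles without issues are omitted."""
    findings = {}
    for name, role in roles.items():
        issues = []
        if "all" in role.get("cluster", []):
            issues.append("cluster privilege 'all'")
        writable = [idx for idx in protected if can_tamper(role, idx)]
        if writable:
            issues.append("can modify " + ", ".join(writable))
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for role_name, issues in audit_roles(ROLES).items():
        print(role_name, "->", "; ".join(issues))
```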
2. Space Management
{
"spaces": [
{
"id": "production",
"name": "Production Environment",
"description": "生产环境监控空间",
"color": "#E74C3C",
"initials": "PROD",
"disabledFeatures": ["dev_tools"],
"imageUrl": ""
},
{
"id": "staging",
"name": "Staging Environment",
"description": "测试环境监控空间",
"color": "#F39C12",
"initials": "STAGE",
"disabledFeatures": [],
"imageUrl": ""
},
{
"id": "development",
"name": "Development Environment",
"description": "开发环境监控空间",
"color": "#27AE60",
"initials": "DEV",
"disabledFeatures": [],
"imageUrl": ""
}
]
}
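Performance Optimization
1. Query Optimization
// Query before optimization (leading wildcard on message, range clause in scoring context)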
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"message": "*error*"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1h"
}
}
}
]
}
}
}
// Query after optimization (match query, range moved to filter context, limited _source and size)
{
"query": {
"bool": {
"must": [
{
"match": {
"message": "error"
}
}
],
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-1h"
}
}
}
]
}
},
"_source": ["@timestamp", "level", "message", "service"],
"size": 100
}
2. Caching Strategy
# kibana.yml cache settings
data.search.timeout: 600000
data.search.sessions.enabled: true
data.search.sessions.defaultExpiration: 7d
data.search.sessions.management.maxSessions: 10000
data.search.sessions.management.refreshInterval: 60s
data.search.sessions.management.refreshTimeout: 10m
# Query cache
data.search.cache.size: 100
data.search.cache.expire: 15m
3. Performance Monitoring Script
#!/bin/bash
# kibana-performance-monitor.sh
KIBANA_HOST="localhost:5601"
ELASTICSEARCH_HOST="localhost:9200"
# Check Kibana response time
check_kibana_response() {
echo "Checking Kibana response time..."
response_time=$(curl -o /dev/null -s -w '%{time_total}' "$KIBANA_HOST/api/status")
echo "Kibana response time: ${response_time}s"
if (( $(echo "$response_time > 5.0" | bc -l) )); then
echo "WARNING: Kibana response time is high"
fi
}
# Check slow queries
check_slow_queries() {
echo "Checking slow queries..."
slow_queries=$(curl -s "$ELASTICSEARCH_HOST/_nodes/stats" | \
jq '.nodes[].indices.search.query_time_in_millis')
echo "Query times: $slow_queries"
}
# Check memory usage
check_memory_usage() {
echo "Checking memory usage..."
memory_info=$(curl -s "$KIBANA_HOST/api/status" | \
jq '.status.overall.state, .metrics.process.memory')
echo "Memory info: $memory_info"
}
# Main function
main() {
echo "Kibana Performance Monitor - $(date)"
echo "======================================"
check_kibana_response
echo
check_slow_queries
echo
check_memory_usage
echo "======================================"
}
main
Practical Examples
1. Web Application Monitoring Dashboard
Dashboard structure:
{
"dashboard": {
"title": "Web Application Monitoring",
"panels": [
{
"title": "实时指标概览",
"type": "metrics",
"position": {"x": 0, "y": 0, "w": 12, "h": 4},
"metrics": [
"总请求数",
"错误率",
"平均响应时间",
"活跃用户数"
]
},
{
"title": "请求趋势",
"type": "line_chart",
"position": {"x": 12, "y": 0, "w": 12, "h": 8},
"metrics": ["每分钟请求数", "错误数"]
},
{
"title": "状态码分布",
"type": "pie_chart",
"position": {"x": 0, "y": 4, "w": 6, "h": 6},
"field": "status_code"
},
{
"title": "响应时间分布",
"type": "histogram",
"position": {"x": 6, "y": 4, "w": 6, "h": 6},
"field": "response_time"
},
{
"title": "地理分布",
"type": "map",
"position": {"x": 0, "y": 10, "w": 12, "h": 8},
"field": "geoip.location"
},
{
"title": "热门页面",
"type": "data_table",
"position": {"x": 12, "y": 8, "w": 12, "h": 10},
"fields": ["url.path", "count", "avg_response_time"]
}
]
}
}
2. Security Monitoring Dashboard
{
"dashboard": {
"title": "Security Monitoring Dashboard",
"panels": [
{
"title": "安全事件概览",
"type": "metrics",
"queries": [
{
"metric": "总安全事件",
"query": "tags:security"
},
{
"metric": "高危事件",
"query": "tags:security AND severity:high"
},
{
"metric": "失败登录",
"query": "event.action:login AND event.outcome:failure"
},
{
"metric": "可疑IP",
"query": "tags:suspicious_ip"
}
]
},
{
"title": "攻击类型分布",
"type": "pie_chart",
"query": "tags:security",
"field": "attack.type"
},
{
"title": "安全事件时间线",
"type": "line_chart",
"query": "tags:security",
"time_field": "@timestamp",
"interval": "1h"
},
{
"title": "威胁地理分布",
"type": "map",
"query": "tags:security AND severity:(high OR critical)",
"field": "source.geo.location"
},
{
"title": "安全事件详情",
"type": "data_table",
"query": "tags:security",
"fields": [
"@timestamp",
"event.action",
"source.ip",
"user.name",
"severity",
"message"
],
"sort": [{"@timestamp": "desc"}]
}
]
}
}
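An added example, not part of the original page: the failed-login metric above (`event.action:login AND event.outcome:failure`) turned into a per-source detection that separates brute force from password spraying and flags a successful login that follows a burst of failures. The events, the 5-minute window and the threshold of 5 are constructed assumptions; field names follow the dashboard's detail table.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed sliding window
THRESHOLD = 5                  # assumed failures per source.ip inside the window


def ev(ts, ip, user, outcome):
    """Build one constructed login event with the dashboard's field names."""
    return {"@timestamp": datetime.fromisoformat(ts), "event.action": "login",
            "event.outcome": outcome, "source.ip": ip, "user.name": user}


# Constructed sample events using documentation IP ranges.
EVENTS = (
    [ev(f"2024-01-15T10:00:{s:02d}", "203.0.113.7", "admin", "failure")
     for s in range(0, 50, 10)]
    + [ev("2024-01-15T10:01:00", "203.0.113.7", "admin", "success")]
    + [ev(f"2024-01-15T10:02:{i:02d}", "198.51.100.9", f"user{i}", "failure")
       for i in range(6)]
    + [ev("2024-01-15T10:03:00", "192.0.2.10", "alice", "failure"),
       ev("2024-01-15T10:03:05", "192.0.2.10", "alice", "success")]
)


def detect(events):
    """Return (kind, source.ip) alerts in time order, one threshold alert per source."""
    failures = defaultdict(deque)  # source.ip -> failed logins still inside WINDOW
    flagged, alerts = set(), []
    for e in sorted(events, key=lambda x: x["@timestamp"]):
        if e["event.action"] != "login":
            continue
        ip, now = e["source.ip"], e["@timestamp"]
        q = failures[ip]
        while q and now - q[0]["@timestamp"] > WINDOW:
            q.popleft()  # expire failures older than the window
        if e["event.outcome"] == "failure":
            q.append(e)
            if len(q) >= THRESHOLD and ip not in flagged:
                users = {f["user.name"] for f in q}
                # Many distinct accounts from one source points to spraying.
                kind = "password_spray" if len(users) >= THRESHOLD else "brute_force"
                alerts.append((kind, ip))
                flagged.add(ip)
        elif e["event.outcome"] == "success" and len(q) >= THRESHOLD:
            # A login that succeeds right after a burst of failures needs review.
            alerts.append(("success_after_failures", ip))
    return alerts


if __name__ == "__main__":
    for kind, ip in detect(EVENTS):
        print(kind, ip)
```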
3. Business Metrics Dashboard
{
"dashboard": {
"title": "Business Metrics Dashboard",
"panels": [
{
"title": "业务关键指标",
"type": "metrics",
"queries": [
{
"metric": "日活跃用户",
"query": "event.action:login",
"aggregation": "cardinality",
"field": "user.id"
},
{
"metric": "订单总数",
"query": "event.action:order_created"
},
{
"metric": "总收入",
"query": "event.action:payment_completed",
"aggregation": "sum",
"field": "order.amount"
},
{
"metric": "转化率",
"query": "event.action:(page_view OR order_created)",
"script": "params.orders / params.views * 100"
}
]
},
{
"title": "用户行为漏斗",
"type": "funnel",
"steps": [
{"name": "访问", "query": "event.action:page_view"},
{"name": "注册", "query": "event.action:user_register"},
{"name": "添加购物车", "query": "event.action:add_to_cart"},
{"name": "下单", "query": "event.action:order_created"},
{"name": "支付", "query": "event.action:payment_completed"}
]
},
{
"title": "收入趋势",
"type": "area_chart",
"query": "event.action:payment_completed",
"aggregation": "sum",
"field": "order.amount",
"interval": "1d"
},
{
"title": "产品销售排行",
"type": "horizontal_bar",
"query": "event.action:order_created",
"field": "product.name",
"size": 10
}
]
}
}
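Summary
This chapter covered Kibana visualization and dashboard design in detail, including:
Key points
- Basic concepts: Kibana architecture, index pattern management, field formatting
- Data exploration: using Discover, KQL query syntax, filter configuration
- Visualization components: basic charts, advanced visualizations, metric displays
- Dashboard design: layout design, theme customization, interactive filtering
- Advanced features: Canvas, Machine Learning, alerting and notifications
- Access management: role definitions, space management, security configuration
- Performance optimization: query optimization, caching strategy, monitoring script
Best practices
- Design dashboard layouts deliberately and highlight the key metrics
- Use filters and the time picker to improve interactivity
- Optimize query performance and avoid complex wildcard queries
- Establish a layered permission model
- Monitor Kibana performance and resource usage regularly
- Tailor visualization components to business needs
- Establish standardized dashboard templates
In the next chapter we will cover advanced applications and integrations of the ELK Stack.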