Kibana是一个开源的用于elasticsearch的数据分析可视化平台。Kibana以可视化界面的方式对elasticsearch的索引进行检索、查看、更新等,并提供丰富的图表展现。Kibana基于Node.js实现,因而需要有Node.js运行环境。Node.js环境依赖于glibc2.4以上版本,故如果操作系统版本过低,可能无法支持,安装时一定先更新操作系统或者glibc库。
Kibana部署
1)下载kibana安装包,我们在linux环境安装,下载tar包;
2)上传tar包到服务器,解压并进入根目录;
tar -xzf kibana-6.2.2-linux-x86_64.tar.gz
cd kibana-6.2.2-linux-x86_64/3)执行如下命令,启动kibana:
./bin/kibana默认情况下,以前台进程方式启动kibana,并输出日志到stdout;通过ctrl+c或者ctrl+z结束进程;
Kibana目录结构
- home:kibana的根目录,即$KIBANA_HOME变量指向的目录;默认为安装包解压后的路径;
- bin:kibana的二进制文件所在目录,比如:kibana用于启动进程,kibana-plugin用于安装插件;默认为:$KIBANA_HOMEbin
- config:kibana的配置文件目录,核心配置文件为kibana.yml,默认路径:$KIBANA_HOMEconfig;
- data:kibana及其插件数据文件存放目录,默认为:$KIBANA_HOMEdata;
- optimize:存放优化后源代码,默认$KIBANA_HOMEoptimize;
- plugins:插件安装目录,每个插件都对应一个子目录;默认$KIBANA_HOMEplugins;
配置kibana
Kibana的配置基于kebana.yml文件,默认绑定localhost:5601启动。常用配置项如下:
console.enabled(true)
是否允许控制台方式访问kibana;
server.port(5601) 和 server.host(localhost)
配置服务器端口和地址;服务器地址默认为localhost,无法被外网访问;
server.basePath("")
kibana的访问地址根目录,类似于tomcat的rootPath;
server.maxPayloadBytes(1048576)
请求允许的最大长度,默认为1M;
server.name(hostname)
kibana的名字,为展示使用,默认为所在物理机的hostname;
elasticsearch.url(http://localhost:9200)
kibana要访问elasticsearch的地址;
kibana.index(.kibana)
kibana会在elasticsearch上创建一个索引用于存放kibana保存的检索信息、创建的视图信息以及dashboard等信息;该配置指定存放的索引名称;
pid.file(/var/run/kibana.pid)
指定kibana进程的pid文件路径;
logging.dest(stdout)
指定kibana的日志输出路径;
输出日志级别设置
- logging.silent(false),设置不输出任何日志;
- logging.quiet(false),设置只输出error日志;
- logging.verbose(false),设置输出详细日志,包括系统调用信息以及所有请求日志;
Kibana安装X-Pack
x-pack的安装顺序如下图:
1)下载x-pack安装包,如果部署elasticsearch时已经下载,则直接使用即可,下载地址: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.2.2.zip
2)执行安装命令:
bin/kibana-plugin install file:///path/to/file/x-pack-6.2.2.zip注:此处的安装包路径一定是绝对路径,直接使用压缩包安装即可,无需解压;格式类似:file://路径
安装成功后,日志类似如下:
urrent workdir: /home/work/fzx/kibana/kibana-6.2.2-linux-x86_64
Attempting to transfer from file:///home/work/fzx/kibana/x-pack-6.2.2.zip
Transferring 314129017 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete3)设置elastic内置用户名和密码,一定要和elasticsearch的bin/x-pack/setup-passwords命令所设密码相同:
elasticsearch.username: "elastic"
elasticsearch.password: "elasticpassword"注:一定要使用内置用户elastic的用户名和密码;否则会出现认证失败的情况,kibana、logstash_system用户所给权限不足,无法对索引进行CRUD操作;
4)重启kibana,通过浏览器访问kibana地址,使用内置用户elastic和密码登录;
http://ip:port登录后如下图:
坑
[security_exception] action [indices:admin/mappings/get] is unauthorized for user [kibana]
登录kibana后,报错如下图:
解决办法:配置kibana.yml中elasticsearch的用户名和密码错误,应该使用elastic用户而非kibana用户,kibana、logstash_system用户所给权限不足,无法对索引进行CRUD操作;
kibana报503错误,elasticsearch日志报错:org.elasticsearch.indices.InvalidIndexTemplateException
org.elasticsearch.indices.InvalidIndexTemplateException: index_template [kibana_index_template:.Elasticsearch-DEV-Kibana] invalid, cause [Validation Failed: 1: name must be lower cased;]
at org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService.validate(MetaDataIndexTemplateService.java:310) ~[elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService.putTemplate(MetaDataIndexTemplateService.java:147) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.admin.indices.template.put.TransportPutIndexTemplateAction.masterOperation(TransportPutIndexTemplateAction.java:81) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.admin.indices.template.put.TransportPutIndexTemplateAction.masterOperation(TransportPutIndexTemplateAction.java:42) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.support.master.TransportMasterNodeAction.masterOperation(TransportMasterNodeAction.java:88) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$2.doRun(TransportMasterNodeAction.java:167) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:135) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.doStart(TransportMasterNodeAction.java:164) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.start(TransportMasterNodeAction.java:127) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.support.master.TransportMasterNodeAction.doExecute(TransportMasterNodeAction.java:105) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.support.master.TransportMasterNodeAction.doExecute(TransportMasterNodeAction.java:55) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:167) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$0(SecurityActionFilter.java:103) [x-pack-security-6.2.2.jar:6.2.2]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter
$$
Lambda$2377/976841642.accept(Unknown Source) [x-pack-security-6.2.2.jar:6.2.2]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60) [elasticsearch-6.2.2.jar:6.2.2]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:188) [x-pack-security-6.2.2.jar:6.2.2]
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter
$$
Lambda$2387/1116948127.accept(Unknown Source) [x-pack-security-6.2.2.jar:6.2.2]解决办法:kibana.yml中kibana.index指定的索引必须全部使用小写字母,否则报错;
