安装

你只需要下面这些东西就可以分分钟把 Kibana 装好了：

• 2.3 或更高版本的 Elasticsearch

• 一个主流的 Web 浏览器 - 被支持的浏览器IE 算么？

• Elasticsearch 的一些信息：

  • 你想要访问的 Elasticsearch 实例的 URL 地址

  • 你要搜索的 Elasticsearch 索引

注意

如果你用了 Shield 来增强 Elasticsearhc 的安全性。请参照 Shield with Kibana 4 一文进行一些额外的配置

安装并运行 Kibana

要把 Kibana 装起来，你就需要：

1. 下载你的操作系统对应的 Kibana 4 安装包

2. 解压 .zip 或者 tar.gz 格式的亚索文件

3. 在安装目录中运行 Kibana: bin/kibana (Linux/MacOSX) 或 bin\kibana.bat(Windows).

在 Unix 平台，你可以通过运行包管理器来安装。

Kibana 资源库

支持 apt 或 yum 命令的发行版 Unix 也有相应的可用的 Kibana 二进制包。我们也为基于 APT 或 YUM 的发行版提供了可用的资源库。

注意

Since the packages are created as part of the Kibana build, source packages are not available.

二进制包采用 PGP key D88E42B4 签署，该 key 的指纹码如下：

4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4

使用 apt-get 命令安装 Kibana

1. 下载并安装公共签名 key

   wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
   

2. 将资源库配置信息添加到你的 /etc/apt/sources.list.d/kibana.list 文件中：

   echo "deb http://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list
   

   警告

   请使用上面哪个 echo 方法来添加 Kibana 资源库，而不要使用 add-apt-repository 命令，因为这个命令会 add a deb-src entry with no corresponding source package。When the deb-src entry, is present, the commands in this procedure 将会产生一个下面这样的错误：

   Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)
   

   把 /etc/apt/sources.list.d/kibana.list 里的 deb-src entry 删掉来清除这个错误

3. 运行一个 apt-get update 命令，资源库就可以使用了。然后就可以安装 Kibana 了:

   sudo apt-get update && sudo apt-get install kibana
   

4. 把 Kibana 设置成自启动。如果你的发行版 is using the System V version of init，那就运行这段代码：

   sudo update-rc.d kibana defaults 95 10
   

5. 如果你的发行版 is using systemd，则运行这段：

   sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable kibana.service
   

用 yum 命令安装 Kibana

警告

以此方式安装的资源库并不兼容使用了版本号为 3.x 的 RPM 的发行版，比如 5.x 的 CentOS。

1. 下载并安装公共签名 key

   rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
   

2. 在 /etc/yum.repos.d/ 目录下创建一个名叫 kibana.repo 的文件，并在文件中输入以下内容：

   [kibana-4.5]
   name=Kibana repository for 4.5.x packages
   baseurl=http://packages.elastic.co/kibana/4.5/centos
   gpgcheck=1
   gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
   enabled=1
   

3. 运行下面这段命令来安装 Kibana

   yum install kibana
   

4. 将 Kibana 设置成自启动。 如果你使用的发行版使用了 the System V version of init (check with ps -p 1)，运行一下命令：

   chkconfig --add kibana
   

   如果你使用的发行版使用了 systemd, 则运行这段命令:

   sudo /bin/systemctl daemon-reload 
   sudo /bin/systemctl enable kibana.service
   

搞完了，现在 Kibana 就运行在 5601 端口上了。

动态映射

默认情况下,Elasticsearch 是开启字段的动态映射功能的。Kibana 也正需要这一功能来正确地动态映射可视化功能所涉及到的字段,同时也需要这一个功能来管理 kibana 索引,该索引存储了搜索,可视化以及仪表板相关的数据。

如果你的使用场景中需要你禁用掉 Elasticsearch 的动态映射功能。那你就只能手动地为 Kibana 中用来创建可视化界面的字段进行映射相关的配置了。你也需要手动地为 .kibana 索引开启动态映射功能。

The following procedure assumes that the .kibana index does not already exist in Elasticsearch and that the index.mapper.dynamic setting in elasticsearch.yml is set to false:

现在假设 .kibana 索引还不存在并且动态映射功能通过 elasticsearch.yml 配置文件来禁用掉了：

1. 开启 Elasticsearch

2. 创建 .kibana 索引，并允许其使用动态映射功能：

   PUT .kibana
   {
    "index.mapper.dynamic": true
   }
   

3. 开启 Kibana 并打开它的 web 界面，确认没有任何与动态映射相关的报错信息。

将 Kibana 与 Elasticsearch 关联起来

在你使用 Kibana 之前，你需要告诉它你想要处理 Elasticsearch 中的哪个索引中的数据。当你第一次使用 Kibana 的时候，它会提示你输入一个名称规则，只要索引的名字符合这个规则，它就认为这个索引是你需要处理的索引。就这么点配置就行了，so easy，然后你也可以在 Setting 页中添加名称规则。

提示

默认情况下，Kibana 会与本地的 Elasticsearch 实例进行通讯。如果要与其他 Elasticsearch 实例进行通讯的话，你就需要修改 kibana.yml 配置文件中的 Elasticsearch URL 地址信息了。要在你的生产环境中使用的话，请继续阅读 Using Kibana in a Production Environment 一文

具体的操作步骤：

1. 在浏览器地址栏里输入端口号 5601 来打开 Kibana 的界面。比如 localhost:5601 或者 http://xxx：5601。

2. 指定一个索引名称规则。默认情况下 Kibana 认为你需要处理的索引是 Logstash 的索引。如果的确是这样的话，那你就只要使用默认值“logstash-*”就行。星号（*）表示零或多个字符，和 SQL 中的通配符 * 作用一样。如果你的目标索引名字不是用这个规则命名的话，那你就把默认值改成正确的值。你当然也可以就输入某个指定的索引的名字来只匹配这一个索引。

3. 如果你需要进行基于时间的数据比较的话，就需要选择含有时间戳的索引字段。Kibana 会读取索引映射然后列出所有包含时间戳的字段。如果你的索引中并没有基于时间的数据，那就不要勾选 Index contains time-based events 选项。

   警告

   Use event times to create index names 这个功能已经在这个版本中被废弃了，下个主版本会彻底删掉这一功能。Elasticsearch 2.1 含有高精度的日期解析 API，Kibana 使用它来判断日期信息，所以不再需要在索引命名规范中指定日期信息

4. 点击 Create 按钮来完成索引名称规则的新建操作。然后这个命名规则就会被自动设置为默认值。当你有多个名称国泽的时候，你就需要在 Setting > Indices 中指明一个默认值。

看呐！Kibana 现在就能访问到你的 Elasticsearch 中的数据惹！！！Kibana 展现了一个只读的列表，列出了匹配名称规则的索引的字段。

开始在你的数据里遨游吧！

至此，你已经做好了所有的前置工作，可以开始使用 Kibana 来在你的数据中潜水了多水少女，污~\~：

• 在 Discover 页面中交互式地搜索或浏览你的数据。

• 在 Visualize 页面中把你的数据用图形化的方式显示出来

• 在 Dashboard 页面中创建并查询你的定制化的仪表板

阅读一下 Getting Started 一文，了解一下 Kibana 的这些核心的功能点。

Getting Kibana Up and Running

You can set up Kibana and start exploring your Elasticsearch indices in minutes. All you need is:

• Elasticsearch 2.3 or later

• A modern web browser - Supported Browsers.

• Information about your Elasticsearch installation:

  • URL of the Elasticsearch instance you want to connect to.

  • Which Elasticsearch indices you want to search.

NOTE

If your Elasticsearch installation is protected by Shield see Shield with Kibana 4 for additional setup instructions.

Install and Start Kibana

To get Kibana up and running:

1. Download the Kibana 4 binary package for your platform.

2. Extract the .zip or tar.gz archive file.

3. Run Kibana from the install directory: bin/kibana (Linux/MacOSX) or bin\kibana.bat(Windows).

On Unix, you can instead run the package manager suited for your distribution.

Kibana Repositories

Binary packages for Kibana are available for Unix distributions that support the apt and yumtools.We also have repositories available for APT and YUM based distributions.

NOTE

Since the packages are created as part of the Kibana build, source packages are not available.

Packages are signed with the PGP key D88E42B4, which has the following fingerprint:

4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4

Installing Kibana with apt-get

1. Download and install the Public Signing Key:

   wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
   

2. Add the repository definition to your /etc/apt/sources.list.d/kibana.list file:

   echo "deb http://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list
   

   Warning

   Use the echo method described above to add the Kibana repository. Do not useadd-apt-repository, as that command adds a deb-src entry with no corresponding source package. When the deb-src entry, is present, the commands in this procedure generate an error similar to the following:

   Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)
   

   Delete the deb-src entry from the /etc/apt/sources.list.d/kibana.list file to clear the error.

3. Run apt-get update and the repository is ready for use. Install Kibana with the following command:

   sudo apt-get update && sudo apt-get install kibana
   

4. Configure Kibana to automatically start during bootup. If your distribution is using the System V version of init, run the following command:

   sudo update-rc.d kibana defaults 95 10
   

5. If your distribution is using systemd, run the following commands instead:

   sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable kibana.service
   

Installing Kibana with yum

Warning

The repositories set up in this procedure are not compatible with distributions using version 3 of rpm, such as CentOS version 5.

1. Download and install the public signing key:

   rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
   

2. Create a file named kibana.repo in the /etc/yum.repos.d/ directory with the following contents:

   [kibana-4.5]
   name=Kibana repository for 4.5.x packages
   baseurl=http://packages.elastic.co/kibana/4.5/centos
   gpgcheck=1
   gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
   enabled=1
   

3. Install Kibana by running the following command:

   yum install kibana
   

   Configure Kibana to automatically start during bootup. If your distribution is using the System V version of init (check with ps -p 1), run the following command:

   chkconfig --add kibana
   

4. If your distribution is using systemd, run the following commands instead:

   sudo /bin/systemctl daemon-reload 
   sudo /bin/systemctl enable kibana.service
   

That’s it! Kibana is now running on port 5601.

Kibana and Elasticsearch Dynamic Mapping

By default, Elasticsearch enables dynamic mapping for fields. Kibana needs dynamic mapping to use fields in visualizations correctly, as well as to manage the .kibana index where saved searches, visualizations, and dashboards are stored.

If your Elasticsearch use case requires you to disable dynamic mapping, you need to manually provide mappings for fields that Kibana uses to create visualizations. You also need to manually enable dynamic mapping for the .kibana index.

The following procedure assumes that the .kibana index does not already exist in Elasticsearch and that the index.mapper.dynamic setting in elasticsearch.yml is set to false:

1. Start Elasticsearch.

2. Create the .kibana index with dynamic mapping enabled just for that index:

   PUT .kibana
   {
    "index.mapper.dynamic": true
   }
   

3. Start Kibana and navigate to the web UI and verify that there are no error messages related to dynamic mapping.

Connect Kibana with Elasticsearch

Before you can start using Kibana, you need to tell it which Elasticsearch indices you want to explore. The first time you access Kibana, you are prompted to define an index pattern that matches the name of one or more of your indices. That’s it. That’s all you need to configure to start using Kibana. You can add index patterns at any time from the Settings tab.

TIP

By default, Kibana connects to the Elasticsearch instance running on localhost. To connect to a different Elasticsearch instance, modify the Elasticsearch URL in thekibana.yml configuration file and restart Kibana. For information about using Kibana with your production nodes, see Using Kibana in a Production Environment.

To configure the Elasticsearch indices you want to access with Kibana:

1. Point your browser at port 5601 to access the Kibana UI. For example, localhost:5601 orhttp://YOURDOMAIN.com:5601.

   

2. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you’re working with data being fed into Elasticsearch by Logstash. If that’s the case, you can use the default logstash- as your index pattern. The asterisk () matches zero or more characters in an index’s name. If your Elasticsearch indices follow some other naming convention, enter an appropriate pattern. The "pattern" can also simply be the name of a single index.

3. Select the index field that contains the timestamp that you want to use to perform time-based comparisons. Kibana reads the index mapping to list all of the fields that contain a timestamp. If your index doesn’t have time-based data, disable the Index contains time-based eventsoption.

   Warning

   Using event times to create index names is deprecated in this release of Kibana. Support for this functionality will be removed entirely in the next major Kibana release. Elasticsearch 2.1 includes sophisticated date parsing APIs that Kibana uses to determine date information, removing the need to specify dates in the index pattern name.

4. Click Create to add the index pattern. This first pattern is automatically configured as the default. When you have more than one index pattern, you can designate which one to use as the default from Settings > Indices.

Voila! Kibana is now connected to your Elasticsearch data. Kibana displays a read-only list of fields configured for the matching index.

Start Exploring your Data!

You’re ready to dive in to your data:

• Search and browse your data interactively from the Discover page.

• Chart and map your data from the Visualize page.

• Create and view custom dashboards from the Dashboard page.

For a brief tutorial that explores these core Kibana concepts, take a look at the Getting Started page.