Yesterday, when I first came into contact with Kibana, my colleague told me how to use it. Use your vacation time to learn the following Kibana techniques.
Kibana is an open source data analysis and visualization platform designed to work with Elasticsearch as part of the Elastic Stack. You can use Kibana to search, view, and interact with data in the Elasticsearch index. You can easily use charts, tables and maps to analyze and present data in a variety of ways.
Kibana makes big data easy to understand. Its simple, browser-based interface makes it easy to quickly create and share dynamic dashboards that track real-time changes in Elasticsearch data.
Setting up Kibana is very simple. You can install Kibana in minutes and start exploring Elasticsearch index data with no code and no extra infrastructure.
Data exploration
Setting the time filter
The time filter restricts search results to the specified time period. You can use a time filter when the index contains time-based events and the index pattern is configured with a time field.
The default time range of the time filter is the last 15 minutes. You can use the Time Picker at the top of the page to adjust the time period and refresh frequency.
Set the Time filter with the Time Picker:
1. Click the Time Picker in the Kibana toolbar.
2. To set a quick filter, click one of the time ranges.
You can also set the time filter from the histogram. Click a bar on the histogram to zoom in on the corresponding time period, or specify a time range by dragging. When the cursor changes to a plus sign over the background of the chart, you can start selecting a time period. To select the previous or next time period, click the arrows to the left and right of the Time Picker.
You can undo a change by clicking your browser's back button.
Time periods and refresh cycles are displayed on the histogram. By default, the refresh period is set automatically based on the time range. You can also set the refresh cycle manually using a link on the page.
Explore your data
Click Discover in the side navigation to access Kibana’s data exploration feature.
Elasticsearch query statement
The current index pattern is displayed below the query bar. The index pattern determines which indices are searched when you submit a query. To search a different set of indices, select a different index pattern from the drop-down menu. To add index patterns, go to Management/Kibana/Index Patterns and click Add New.
You can use the field names and values you are interested in as search criteria, and for numeric fields you can use comparison operators, such as greater than (>), less than (<), or equal to (=). You can combine search criteria using the logical operators AND, OR, and NOT, which must be written in all capitals.
Try selecting the ba* index pattern and entering the following string in the query field:
account_number:<100 AND balance:>47500
This query returns all account numbers between 0 and 99 with a balance greater than 47,500. When searching the sample bank data, it returns five results: account numbers 8, 32, 78, 85, and 97.
Filtering by field
Search results can be filtered to show only documents that contain specific field values. You can also create negation filters to exclude documents that contain specific field values.
You can add field filters from the Fields list or the Documents table. In addition to creating positive and negative filters, the Documents table also lets you filter on whether a field exists. The applied filters are shown below the query bar. Negative filters are shown in red.
Add a filter from the Fields list:
1. Click the name of the field you want to filter. The five most common values for that field are displayed.
2. To add a Negative Filter, click the Negative Filter button. This excludes documents that contain the value of that field.
Add a filter from the Documents table:
1. Expand a document in the Documents table by clicking the Expand button to the left of the document's table entry.
2. To add a Positive Filter, click the Positive Filter button next to the field name. Only documents containing the value of that field will be displayed.
3. To add a Negative Filter, click the Negative Filter button next to the field name. This excludes documents that contain the value of that field.
4. To check whether the document contains a field, click the Exists button next to the field name. Only documents containing that field will be displayed.
Managing filters:
To modify a filter, place your mouse over the filter and click an action button.
Edit filter:
You can edit a filter to directly adjust the query it applies to the results. This enables the creation of more complex filters based on multiple fields.
For example, you can use a bool query to create a filter for the sample log data that shows matches from Canada or China that resulted in a 404 error.
{
  "bool": {
    "should": [
      {"term": {"geoip.country_name.raw": "Canada"}},
      {"term": {"geoip.country_name.raw": "China"}}
    ],
    "must": [
      {"term": {"response": "404"}}
    ]
  }
}
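Whether the should clauses in the filter above are required or optional depends on minimum_should_match. The following added example (not part of the original tutorial or of Kibana) is a simplified local model of term/bool matching that applies the default documented for the Elasticsearch bool query, and compares the page's filter with a variant that sets minimum_should_match explicitly. The documents and the names matches, hits, PAGE_FILTER and EXPLICIT_FILTER are constructed for illustration.

```python
# Simplified local model of Elasticsearch term/bool matching, for illustration only.
# It is not Elasticsearch: integer minimum_should_match only, exact term equality.

def matches(clause, doc):
    """Return True if doc satisfies a single term or bool clause."""
    (kind, body), = clause.items()
    if kind == "term":
        (field, value), = body.items()
        return doc.get(field) == value
    if kind == "bool":
        required = body.get("must", []) + body.get("filter", [])
        should = body.get("should", [])
        # Documented default: 1 if there are should clauses and no must/filter, else 0.
        default_msm = 1 if should and not required else 0
        msm = body.get("minimum_should_match", default_msm)
        return (all(matches(c, doc) for c in required)
                and not any(matches(c, doc) for c in body.get("must_not", []))
                and sum(matches(c, doc) for c in should) >= msm)
    raise ValueError(f"unsupported clause type: {kind}")

COUNTRY = "geoip.country_name.raw"

# The filter from the page, unchanged.
PAGE_FILTER = {"bool": {
    "should": [{"term": {COUNTRY: "Canada"}}, {"term": {COUNTRY: "China"}}],
    "must": [{"term": {"response": "404"}}],
}}

# Same filter with the country requirement made explicit.
EXPLICIT_FILTER = {"bool": {**PAGE_FILTER["bool"], "minimum_should_match": 1}}

# Constructed sample documents (flattened field names), not real log data.
DOCS = [
    {"id": 1, COUNTRY: "Canada", "response": "404"},
    {"id": 2, COUNTRY: "China", "response": "404"},
    {"id": 3, COUNTRY: "Germany", "response": "404"},
    {"id": 4, COUNTRY: "Canada", "response": "200"},
]

def hits(query):
    """IDs of the constructed documents that the query matches."""
    return [d["id"] for d in DOCS if matches(query, d)]

if __name__ == "__main__":
    print("page filter:    ", hits(PAGE_FILTER))
    print("explicit filter:", hits(EXPLICIT_FILTER))
```

Under that default, the 404 from Germany passes the page's filter because the should clauses only affect scoring once a must clause is present; setting minimum_should_match to 1 keeps the country restriction independent of defaults.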