6. Using Kibana to understand the data


Features of Kibana 4

Search term highlighting

  • Terms that match the query are highlighted in the search results

Elasticsearch aggregations

  • Kibana 4 makes extensive use of Elasticsearch aggregations and sub-aggregations. There are two main types of aggregation:
  1. Bucketing: produces a set of buckets, each holding a group of documents; for example terms, ranges, histograms and date histograms
  2. Metrics: compute a value over a set of documents, such as minimum, maximum, sum and average. Min, max, sum and average can only be computed on numeric fields
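As an added example (not part of the original page), the following Python code shows the difference between a bucket aggregation and a metric aggregation. It builds the request body that Kibana sends to Elasticsearch for a terms bucket with an average sub-aggregation, and then evaluates the same aggregation locally over a handful of constructed log documents so the shape of the result can be inspected offline. The document fields, the sample data and the function names are assumptions.

```python
"""Bucket vs. metric aggregations (added example, not from the original page).

DOCS is a constructed stand-in for an index of web-server logs. The request
body is the shape Kibana 4 sends to the Elasticsearch _search endpoint, with
size=0 so that only the aggregation result is returned.
"""
from collections import defaultdict

# Constructed sample documents (not real log data). The last one has no
# "bytes" field, to show how a metric treats documents without the field.
DOCS = [
    {"@timestamp": "2020-06-01T10:00:00Z", "status": 200, "bytes": 1200, "host": "web-1"},
    {"@timestamp": "2020-06-01T10:00:05Z", "status": 200, "bytes": 800, "host": "web-2"},
    {"@timestamp": "2020-06-01T10:00:09Z", "status": 500, "bytes": 300, "host": "web-1"},
    {"@timestamp": "2020-06-01T10:00:12Z", "status": 404, "bytes": 150, "host": "web-2"},
    {"@timestamp": "2020-06-01T10:00:20Z", "status": 500, "bytes": 500, "host": "web-2"},
    {"@timestamp": "2020-06-01T10:00:25Z", "status": 404, "host": "web-1"},
]


def terms_with_avg_request(bucket_field, metric_field, size=10):
    """Elasticsearch request body: a terms bucket aggregation with an avg
    metric sub-aggregation. This is what a bar chart with X axis
    'Terms: <bucket_field>' and Y axis 'Average <metric_field>' asks for."""
    return {
        "size": 0,
        "aggs": {
            "by_" + bucket_field: {
                "terms": {"field": bucket_field, "size": size},
                "aggs": {"avg_" + metric_field: {"avg": {"field": metric_field}}},
            }
        },
    }


def terms_with_avg(docs, bucket_field, metric_field, size=10):
    """Evaluate the same aggregation locally and return the shape of the
    Elasticsearch response: buckets ordered by doc_count descending (ties by
    key), each carrying the average of the metric field. A document still
    counts towards its bucket when it lacks the metric field; it is simply
    left out of the average, which is None if no numeric value was seen."""
    groups = defaultdict(list)
    for doc in docs:
        if bucket_field in doc:
            groups[doc[bucket_field]].append(doc)
    buckets = []
    for key, group in groups.items():
        values = [d[metric_field] for d in group
                  if isinstance(d.get(metric_field), (int, float))]
        avg = sum(values) / len(values) if values else None
        buckets.append({"key": key, "doc_count": len(group),
                        "avg_" + metric_field: {"value": avg}})
    buckets.sort(key=lambda b: (-b["doc_count"], str(b["key"])))
    return buckets[:size]


if __name__ == "__main__":
    import json
    print(json.dumps(terms_with_avg_request("status", "bytes"), indent=2))
    for bucket in terms_with_avg(DOCS, "status", "bytes"):
        print(bucket)
```

The bucket part answers "which groups exist and how many documents are in each"; the metric part answers "what is the average inside each group". Kibana only lets you put the metric on the Y axis because it needs numbers to average, which is the restriction the list above describes.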

Scripted fields

  • Scripted fields compute values dynamically from indexed data at query time; the computed value is not stored in the index

For example, if a field must be multiplied by 100 before it is displayed, the calculation can be expressed as a scripted field. In Kibana 4 a scripted field can be displayed and used in visualizations, but it cannot be searched

Dynamic dashboards

  • Dashboards are flexible and dynamic: visualizations can be dragged, dropped and resized as needed, and the data can be refreshed automatically

Kibana interface

  • Kibana 4 has four main tabs
  1. Discover (the search page): free-text search, or search by field, range and so on
  2. Visualize: create many types of visualization, such as pie charts, bar charts and line charts, and save them for later use on a dashboard
  3. Dashboard: a collection of saved visualizations and searches; click-based filters apply across all of them, so conclusions can be drawn from several aggregations at once
  4. Settings: configure index patterns, scripted fields, field data types and so on

Search page

  • Used for interactive queries over indexed data: field-specific searches, filtering, and viewing the indexed documents

  • Left: the index pattern selector and the list of fields in that pattern
  • Top: time filter and search box
  • Page header: a histogram of the hits, based on the @timestamp field by default, together with the hit count for the current search
  • Search results: the 500 most recent matching documents in reverse chronological order

Time filter

  • Quick time filter: a preset range such as the last 15 minutes
  • Relative time filter: a range expressed relative to now
  • Absolute time filter: a fixed start and end date and time
  • Auto-refresh settings: re-run the search at a chosen interval
  • Dragging a region of the histogram with the mouse narrows the time filter to that range

Querying and retrieving data

  • Kibana uses the Lucene query syntax to search indexed data. The Elasticsearch Query DSL can also be used

Free-text search

  • Finds the search term in all fields of all documents

Search syntax: lucene.apache.org/core/8_5_2/…

AND

"Learning" AND "ELK" : documents that contain both terms

OR

"Logstash" OR "ELK" : documents that contain Logstash, or ELK, or both

NOT

"Logstash" NOT "ELK" : documents that contain Logstash but not ELK

Grouping

("Logstash" OR "ELK") AND "Kibana" : documents that contain Kibana and at least one of Logstash or ELK

Wildcard search

plan* : matches documents containing terms such as plans, plant, planting

plan? : matches documents containing terms such as plant and plans

? and * cannot be used as the first character of a search term (leading wildcards are disabled by default)

Field search

  • Searches a specific field of the indexed documents for a value or range. The fields are listed on the left side of the search page; join the field name and the value with a colon

<field name>:<field value>

title:"Learning ELK"

title:"Learning ELK" AND category:"technology"

Range search

  • Queries a field for a range of values, for example a date range

date_of_record:[20200101 TO 20200606]

  • Documents whose volume field lies between 10000 and 20000, inclusive

volume:[10000 TO 20000]

  • Range searches and field searches can be combined with the Boolean operators, for example

publish_date:[20200101 TO 20200606] AND title:"Learning ELK"

Escaping special characters

  • The following characters are part of the query syntax and must be escaped with a backslash (\) if they are to be matched literally

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
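The Boolean, field, range and escaping rules above are easy to get wrong when a query is assembled in code from user-supplied values: an unescaped value can change the structure of the query rather than just its terms. The following Python helpers, added here as an example and not taken from the page or from Kibana, build Lucene query strings with the values escaped; they also cover the exclusive {low TO high} range form, which the page does not mention. All function names and the sample hostile input are assumptions.

```python
"""Building Lucene query strings safely (added example, not from the page).

Kibana's search box passes the string to an Elasticsearch query_string
query, which parses Lucene syntax. Any value that comes from a user (a form
field, a URL parameter, a saved-search template) must be escaped, or the
user can change what the query matches.
"""

# Reserved characters of the Lucene query parser. && and || are escaped
# one character at a time, which is how the parser expects them.
LUCENE_SPECIALS = set('+-&|!(){}[]^"~*?:\\/')


def escape_lucene(value):
    """Backslash-escape every reserved character so the value is matched
    literally. Whitespace is not reserved, so a multi-word value must also
    be quoted as a phrase (see phrase())."""
    return "".join("\\" + ch if ch in LUCENE_SPECIALS else ch for ch in str(value))


def phrase(value):
    """Quote a value as an exact phrase. Inside quotes only the backslash
    and the quote itself are special, so only those are escaped."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def field_query(field, value):
    """field:"value" with the value quoted as a phrase."""
    return f"{field}:{phrase(value)}"


def range_query(field, low, high, inclusive=True):
    """Inclusive [low TO high] or exclusive {low TO high} range."""
    lo, hi = escape_lucene(low), escape_lucene(high)
    if inclusive:
        return f"{field}:[{lo} TO {hi}]"
    return f"{field}:{{{lo} TO {hi}}}"


def and_(*clauses):
    """Explicit grouping avoids relying on operator precedence."""
    return " AND ".join(f"({c})" for c in clauses)


def or_(*clauses):
    return " OR ".join(f"({c})" for c in clauses)


def not_(clause):
    return f"NOT ({clause})"


def search_by_title_and_dates(title, start, end):
    """The page's combined range-plus-field example, built from inputs
    that may be untrusted."""
    return and_(range_query("publish_date", start, end), field_query("title", title))


if __name__ == "__main__":
    # Constructed hostile input: with naive string formatting it closes the
    # phrase and appends OR *:*, which matches every document in the index.
    hostile = 'x" OR *:* OR title:"'
    print("naive :", f'title:"{hostile}"')
    print("safe  :", field_query("title", hostile))
    print(search_by_title_and_dates("Learning ELK", "20200101", "20200606"))
```

With the naive formatting the hostile value turns the query into `title:"x" OR *:* OR title:""`, which matches everything; with phrase() the same text is a literal phrase that matches nothing unless a document actually contains it.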

Saving a search

  • Use the "Save Search" option on the toolbar of the search page to save the current search for later use in visualizations. Saved searches can also be added to a dashboard

Opening a saved search

  • Use the "Load Saved Search" option on the toolbar of the search page to open a previously saved search

Searching from the field list

  • Clicking a value of a field shows "positive" and "negative" filter buttons; these add a filter that requires or excludes that value

  • Clicking the "add" button next to a field name in the left-hand field list adds that field as a column of the result table on the right, so the table shows the values of the selected fields instead of the whole document

  • In this way you can quickly add fields, sort documents by a specific field, and arrange the columns in the order the business needs. This is very useful for building quick search tables