Ready to load some data and build a dashboard? This tutorial shows you how to:

  • Load a data set into Elasticsearch
  • Define an index pattern
  • Discover and explore the data
  • Visualize the data
  • Add visualizations to a dashboard
  • Inspect the data behind a visualization

Loading sample data

This tutorial requires three data sets:

  • The complete works of William Shakespeare, suitably parsed into fields. Download shakespeare.json.
  • A set of fictitious accounts with randomly generated data. Download accounts.zip.
  • A set of randomly generated log files. Download logs.jsonl.gz.

Two of the data sets are compressed. To extract the files, use these commands:

unzip accounts.zip

gunzip logs.jsonl.gz

Structure of the data sets

The Shakespeare data set has this structure:

{

    "line_id": INT,

    "play_name": "String",

    "speech_number": INT,

    "line_number": "String",

    "speaker": "String",

    "text_entry": "String",

}

The accounts data set is structured as follows:

{

    "account_number": INT,

    "balance": INT,

    "firstname": "String",

    "lastname": "String",

    "age": INT,

    "gender": "M or F",

    "address": "String",

    "employer": "String",

    "email": "String",

    "city": "String",

    "state": "String"

}

The logs data set has dozens of different fields. Here are the notable fields for this tutorial:

{

    "memory": INT,

    "geo.coordinates": "geo_point"

    "@timestamp": "date"

}

Set up mappings

Before you load the Shakespeare and logs data sets, you must set up mappings for the fields.

Mappings divide the documents in the index into logical groups and specify the characteristics of the fields.

These characteristics include the searchability of the field and whether it’s tokenized, or broken up into separate words.

In Kibana Dev Tools > Console, set up a mapping for the Shakespeare data set:

PUT /shakespeare

{

 "mappings": {

  "doc": {

   "properties": {

    "speaker": {"type": "keyword"},

    "play_name": {"type": "keyword"},

    "line_id": {"type": "integer"},

    "speech_number": {"type": "integer"}

   }

  }

 }

}

This mapping specifies field characteristics for the data set:

  • The speaker and play_name fields are keyword fields. These fields are not analyzed. The strings are treated as a single unit even if they contain multiple words.
  • The line_id and speech_number fields are integers.

响应

{
"acknowledged" : true,
"shards_acknowledged" : true,
"index" : "shakespeare"
}

The logs data set requires a mapping to label the latitude and longitude pairs as geographic locations by applying the geo_point type.

PUT /logstash-2015.05.18

{

  "mappings": {

    "log": {

      "properties": {

        "geo": {

          "properties": {

            "coordinates": {

              "type": "geo_point"

            }

          }

        }

      }

    }

  }

}

{
"acknowledged" : true,
"shards_acknowledged" : true,
"index" : "logstash-2015.05.18"
}

The accounts data set doesn’t require any mappings.

查询一下当前的所有indices

GET /_cat/indices?v HTTP/1.1
Host: localhost:9200

新导入的logstash-2015.05.18,logstash-2015.05.19,logstash-2015.05.20这个三个index的docs.count的个数都是0。

bank是之前在学习elastic search时候导入的

health status index               uuid                   pri rep docs.count docs.deleted store.size pri.store.size

yellow open   logstash-2015.05. dL2ZaIelR_uvKMnPYy_8Eg                                  .2kb          .2kb

yellow open   logstash-2015.05. M1PWnqXLRgClt-iwqN4OUg                                  .2kb          .2kb

yellow open   customer            p6H8gEOdQAWBuSN2HDEjZA                                  .4kb          .4kb

yellow open   shakespeare         I8mqiFkkTdK9IlcarIZA4A                                  .2kb          .2kb

yellow open   bank                l45mhl-7QNibqbmbi2Jmbw                             .1kb        .1kb

green  open   .kibana_1           CUsQj9zkSCSC-XiDJgXYQQ                                  .6kb          .6kb

yellow open   logstash-2015.05. 14rDFdQFTQK-GNgDXtlmeQ                                  .2kb          .2kb

Load the data sets

At this point, you’re ready to use the Elasticsearch bulk API to load the data sets:

curl -H 'Content-Type: application/x-ndjson' -XPOST 'localhost:9200/bank/account/_bulk?pretty' --data-binary @accounts.json

curl -H 'Content-Type: application/x-ndjson' -XPOST 'localhost:9200/shakespeare/doc/_bulk?pretty' --data-binary @shakespeare_6.0.json

curl -H 'Content-Type: application/x-ndjson' -XPOST 'localhost:9200/_bulk?pretty' --data-binary @logs.jsonl

Or for Windows users, in Powershell:

Invoke-RestMethod "http://localhost:9200/bank/account/_bulk?pretty" -Method Post -ContentType 'application/x-ndjson' -InFile "accounts.json"

Invoke-RestMethod "http://localhost:9200/shakespeare/doc/_bulk?pretty" -Method Post -ContentType 'application/x-ndjson' -InFile "shakespeare_6.0.json"

Invoke-RestMethod "http://localhost:9200/_bulk?pretty" -Method Post -ContentType 'application/x-ndjson' -InFile "logs.jsonl"

可以保存为一个ps1的脚本文件,然后直接运行这个脚本文件进行导入

These commands might take some time to execute, depending on the available computing resources.

Verify successful loading:

再次查询所有的index

GET /_cat/indices?v

Your output should look similar to this:

health status index               uuid                   pri rep docs.count docs.deleted store.size pri.store.size

yellow open   logstash-2015.05. dL2ZaIelR_uvKMnPYy_8Eg                              .5mb         .5mb

yellow open   logstash-2015.05. M1PWnqXLRgClt-iwqN4OUg                              .1mb         .1mb

yellow open   customer            p6H8gEOdQAWBuSN2HDEjZA                                  .4kb          .4kb

yellow open   shakespeare         I8mqiFkkTdK9IlcarIZA4A                            .5mb         .5mb

yellow open   bank                l45mhl-7QNibqbmbi2Jmbw                             .1kb        .1kb

green  open   .kibana_1           CUsQj9zkSCSC-XiDJgXYQQ                                  .6kb          .6kb

yellow open   logstash-2015.05. 14rDFdQFTQK-GNgDXtlmeQ                              .6mb         .6mb

Defining your index patterns

Index patterns tell Kibana which Elasticsearch indices you want to explore. An index pattern can match the name of a single index, or include a wildcard (*) to match multiple indices.

For example, Logstash typically creates a series of indices in the format logstash-YYYY.MMM.DD. To explore all of the log data from May 2018, you could specify the index pattern logstash-2018.05*.

You’ll create patterns for the Shakespeare data set, which has an index named shakespeare, and the accounts data set, which has an index named bank. These data sets don’t contain time-series data.

  1. In Kibana, open Management, and then click Index Patterns.
  2. If this is your first index pattern, the Create index pattern page opens automatically. Otherwise, click Create index pattern in the upper left.

  3. Enter shakes* in the Index pattern field.

Kibana --> Getting Started -->Building your own dashboard的更多相关文章

  1. 使用Kibana 分析Nginx 日志并在 Dashboard上展示

    一.Kibana之Visualize 功能 在首页上Visualize 标签页用来设计可视化图形.你可以保存之前在discovery中的搜索来进行画图,然后保存该visualize,或者加载合并到 d ...

  2. Kibana:如何周期性地为 Dashboard 生成 PDF Report

    转载自:https://blog.csdn.net/UbuntuTouch/article/details/108449775 按照上面的方式填写.记得把之前的 URL 拷贝到 webhook 下的 ...

  3. How To Use Logstash and Kibana To Centralize Logs On CentOS 6

    原文链接:https://www.digitalocean.com/community/tutorials/how-to-use-logstash-and-kibana-to-centralize-l ...

  4. 性能优化工具 MVC Mini Profiler

    性能优化工具 MVC Mini Profiler   MVC MiniProfiler是Stack Overflow团队设计的一款对ASP.NET MVC.WebForm 以及WCF 的性能分析的小程 ...

  5. ELK学习笔记之F5利用EELK进行应用数据挖掘系列(2)-DNS

    0x00 概述 很多客户使用GTM/DNS为企业业务提供动态智能解析,解决应用就近性访问.优选问题.对于已经实施多数据中心双活的客户,则会使用GSLB提供双活流量调度.DNS作为企业业务访问的指路者, ...

  6. ELK+Redis 解析Nginx日志

    一.ELK简介 Elk是指logstash,elasticsearch,kibana三件套,我们一般使用它们做日志分析. ELK工作原理图: 简单来讲ELK具体的工作流程就是客户端的logstash ...

  7. [Metricbeat] Metricbeat监控golang服务器

    0x0 前言 最近这几天研究了一下ElasticSearch相关的技术栈.前面一篇转发了别人些的非常详细的ElasticSearch和Kibana搭建的过程.发现Elastic家族还有Metricbe ...

  8. I am a legend: Hacking Hearthstone with machine-learning Defcon talk wrap-up

    I am a legend: Hacking Hearthstone with machine-learning Defcon talk wrap-up: video and slides avail ...

  9. Building real-time dashboard applications with Apache Flink, Elasticsearch, and Kibana

    https://www.elastic.co/cn/blog/building-real-time-dashboard-applications-with-apache-flink-elasticse ...

随机推荐

  1. [ Windows BAT Script ] 删除某个目录下的所有某类文件

    删除某个目录下的所有某类文件 @echo off for /R %%s in (*.txt) do ( echo %%s del %%s ) pause @echo on

  2. Python全栈-day4-语法基础2

    一.字符串 1.字符串基础 1)作用:用于描述姓名.性别.地址等信息 2)定义方式:单引号或者双引号以及三引号内添加字符 注:day3中介绍 name = 'zhang' user_name = &q ...

  3. html5-button元素

    <!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8&qu ...

  4. 四则运算 python

    2018103004四则运算练习软件项目报告   此作业的要求参见链接的任务三个人任务:https://mooc1-1.chaoxing.com/mycourse/studentstudy?chapt ...

  5. 做一次面向对象的体操:将JSON字符串转换为嵌套对象的一种方法

    背景与问题 在 <一个略复杂的数据映射聚合例子及代码重构> 一文中,将一个JSON字符串转成了所需要的订单信息Map.尽管做了代码重构和配置化,过程式的代码仍然显得晦涩难懂,并且客户端使用 ...

  6. 20165215 2017-2018-2 《Java程序设计》第2周学习总结

    20165215 2017-2018-2 <Java程序设计>第2周学习总结 教材学习内容总结 chapter2 逻辑类型boolea只能赋值true或false Java没有无符号整数类 ...

  7. JAVA程序测试感受

    上周四下午,我们进行了JAVA测试,心里很慌,在家中只是学习了JAVA程序的输入.输出以及各种数据类型使用而已,王建民老师给我们发了一份JAVA的课前测试样卷,是关于学生信息管理系统的,我们提前从学长 ...

  8. 使用commons-compress解压GBK格式winzip文件到UTF8,以及错误使用ZipArchiveInputStream读出来数据全是空的解决办法

    先上正确方法: 正确方式应该为,先创建一个ZipFile,然后对其entries做遍历,每一个entry其实就是一个文件或者文件夹,检测到文件夹的时候创建文件夹,其他情况创建文件,其中使用zipFil ...

  9. php 当前时间 当前时间戳和数据库里取出的时间datetime格式进行比较大小

    php 当前时间 当前时间戳和数据库里取出的时间datetime格式进行比较大小 UNIX时间戳转换为日期用函数: date() ,date('Y-m-d H:i:s', 1500219870); 日 ...

  10. vue:vuex详解

    一.什么是Vuex? https://vuex.vuejs.org/zh-cn 官方说法:Vuex 是一个专为 Vue.js应用程序开发的状态管理模式.它采用集中式存储管理应用的所有组件的状态,并以相 ...