Kibana 简明教程
Kibana - Discover
本章讨论 Kibana UI 中的 Discover 选项卡。我们将详细了解以下概念 -
This chapter discusses the Discover Tab in Kibana UI. We will learn in detail about the following concepts −
-
Index without date field
-
Index with date field
Index without date field
在左侧菜单中选择 Discover,如下所示 -
Select Discover on the left side menu as shown below −
在右侧,它显示我们上一章中创建的 countriesdata- 28.12.2018 索引中可用数据的详细信息。
On the right side, it displays the details of the data available in countriesdata- 28.12.2018 index we created in previous chapter.
在左上角,它显示可用的记录总数 -
On the top left corner, it shows the total number of records available −
我们可以在此选项卡中获取 (countriesdata-28.12.2018) 索引内数据的详细信息。在上文显示的屏幕左上角,我们可以看到类似于新建、保存、打开、共享、检查和自动刷新的按钮。
We can get the details of the data inside the index (countriesdata-28.12.2018) in this tab. On the top left corner in screen shown above, we can see Buttons like New, Save, Open, Share ,Inspect and Auto-refresh.
如果你单击“自动刷新”,它会显示如下屏幕:
If you click Auto-refresh, it will display the screen as shown below −
你可以通过单击上面的“秒”、“分钟”或“小时”来设置自动刷新间隔。Kibana 将自动刷新屏幕,并在每次设置的间隔计时器后获取最新数据。
You can set the auto-refresh interval by clicking on the seconds, minutes or hour from above. Kibana will auto-refresh the screen and get fresh data after every interval timer you set.
来自 index:countriesdata-28.12.2018 的数据如下所示:
The data from index:countriesdata-28.12.2018 is displayed as shown below −
所有字段以及数据以行方式显示。单击箭头展开行,它将以表格式或 JSON 格式提供详细信息
All the fields along with the data are shown row wise. Click the arrow to expand the row and it will give you details in Table format or JSON format
JSON Format
左侧有一个按钮名为“查看单份文档”。
There is a button on the left side called View single document.
如果您单击它,它将以类似于下面所示的方式显示行中显示的行或数据
If you click it, it will display the row or the data present in the row inside the page as shown below −
虽然我们在这里获得所有数据详细信息,但很难逐一浏览。
Though we are getting all the data details here, it is difficult to go through each of them.
现在让我们尝试获取表格格式的数据。以下显示了一种展开其中一行并单击每个字段中可用的切换列选项的方法:
Now let us try to get the data in tabular format. One way to expand one of the row and click the toggle column option available across each field is shown below −
单击每个可用的“数据表中切换列”选项,您将注意到数据以表格格式显示
Click on Toggle column in table option available for each and you will notice the data being shown in table format −
在此处,我们选择了字段国家、地区、区域和人口。折叠展开的行,您现在应该看到所有数据为表格格式。
Here, we have selected fields Country, Area, Region and Population. Collapse the expanded row and you should see all the data in tabular format now.
我们选择的字段显示在屏幕左侧,如下所示
The fields we selected are displayed on the left side of the screen as shown below −
请注意,有两个选项——已选择的字段和可用的字段。我们选择在表格格式中显示的字段是已选择字段的一部分。如果您想删除任何字段,可以通过单击将在所选字段选项中的字段名称中看到的“移除”按钮来执行此操作。
Observe that there are 2 options − Selected fields and Available fields. The fields we have selected to show in tabular format are a part of selected fields. In case you want to remove any field you can do so by clicking the remove button which will be seen across the field name in selected field option.
删除后,该字段将在可用的字段内可用,您可以在其中通过单击将在您想要的字段中显示的“添加”按钮来将其添加回来。您还可以使用此方法通过从“可用字段”中选择所需字段来获取表格格式的数据。
Once removed, the field will be available inside the Available fields where you can add back by clicking the add button which will be shown across the field you want. You can also use this method to get your data in tabular format by choosing the required fields from Available fields.
我们在 Discover 中有一个搜索选项,我们可以使用它来搜索索引内的数据。让我们在此处尝试与搜索选项相关的示例
We have a search option available in Discover, which we can use to search for data inside the index. Let us try examples related to search option here −
假设您想要搜索国家印度,您可以执行以下操作:
Suppose you want to search for country India, you can do as follows −
您可以输入您的搜索详细信息并单击“更新”按钮。如果您想要搜索以 Aus 开头的国家,您可以执行以下操作:
You can type your search details and click the Update button. If you want to search for countries starting with Aus, you can do so as follows −
单击“更新”以查看结果
Click Update to see the results
在这里,有两个以 Aus* 开头的国家。搜索字段有一个“选项”按钮,如上所示。当用户单击它时,它会显示一个切换按钮,当开启时有助于编写搜索查询。
Here, we have two countries starting with Aus*. The search field has a Options button as shown above. When a user clicks it, it displays a toggle button which when ON helps in writing the search query.
打开查询功能并在搜索中输入字段名称,它将显示该字段可用的选项。
Turn on query features and type the field name in search, it will display the options available for that field.
例如,国家字段是一个字符串,它会显示针对字符串字段的以下选项:
For example, Country field is a string and it displays following options for the string field −
类似地,“区域”是一个数字字段,它会显示针对数字字段的以下选项:
Similarly, Area is a Number field and it displays following options for Number field −
您可以在 Discover 字段中尝试不同的组合并根据您的选择筛选数据。可以使用“保存”按钮保存“发现”标签中的数据,以便将来使用。
You can try out different combination and filter the data as per your choice in Discover field. The data inside the Discover tab can be saved using the Save button, so that you can use it for future purpose.
要保存 Discover 中的数据,请单击右上角的保存按钮,如下所示
To save the data inside discover click on the save button on top right corner as shown below −
给你的搜索命名并单击确认保存保存即可。保存完成后,下次访问 Discover 选项卡时,你可以单击右上角的打开按钮获取已保存的标题,如下所示
Give title to your search and click Confirm Save to save it. Once saved, next time you visit the Discover tab, you can click the Open button on the top right corner to get the saved titles as shown below −
你还可以使用右上角的共享按钮与他人共享数据。单击它,你就可以找到共享选项,如下所示
You can also share the data with others using the Share button available on top right corner. If you click it, you can find sharing options as shown below −
你可以使用 CSV 报告或永久链接的形式共享它。
You can share it using CSV Reports or in the form of Permalinks.
CSV 报告中可以选择的选项有
The option available onclick on CSV Reports are −
单击生成 CSV 获取报告以与他人共享。
Click Generate CSV to get the report to be shared with others.
单机永久链接可用的选项如下所示
The option available onclick of Permalinks are as follows −
快照选项将提供一个 Kibana 链接,该链接将显示当前搜索中可用的数据。
The Snapshot option will give a Kibana link which will display data available in the search currently.
已保存的对象选项将提供一个 Kibana 链接,该链接将显示搜索中可用的最新数据。
The Saved object option will give a Kibana link which will display the recent data available in your search.
快照 - http://localhost:5601/goto/309a983483fccd423950cfb708fabfa5 已保存的对象 :http://localhost:5601/app/kibana#/discover/40bd89d0-10b1-11e9-9876-4f3d759b471e?_g=()
Snapshot − http://localhost:5601/goto/309a983483fccd423950cfb708fabfa5 Saved Object :http://localhost:5601/app/kibana#/discover/40bd89d0-10b1-11e9-9876-4f3d759b471e?_g=()
你可以使用 Discover 选项卡和可用的搜索选项,并且可以保存并与他人共享获得的结果。
You can work with Discover tab and search options available and the result obtained can be saved and shared with others.
Index with Date Field
转到 Discover 选项卡并选择索引:*medicalvisits-26.01.2019*
Go to Discover tab and select index:*medicalvisits-26.01.2019*
它显示了消息 - “没有结果与你的搜索条件相符”,为我们选择的索引在过去 15 分钟内。该索引包含了 2015 年、2016 年、2017 年和 2018 年的数据。
It has displayed the message − “No results match your search criteria”, for the last 15 minutes on the index we have selected. The index has data for years 2015,2016,2017 and 2018.
更改时间范围,如下所示
Change the time range as shown below −
单击绝对选项卡。
Click Absolute tab.
选择自 - 1 月 1 日 2017 年和至 - 12 月 31 日 2017 年,因为我们将分析 2017 年的数据。
Select the date From − 1st Jan 2017 and To − 31st Dec2017 as we will analyze data for year 2017.
单击按钮添加时间范围。它将向你显示数据和条形图,如下所示
Click the Go button to add the timerange. It will display you the data and bar chart as follows −
这是 2017 年的月度数据
This is the monthly data for the year 2017 −
由于我们还存储了时间加上日期,我们也可以按小时和分钟过滤数据。
Since we also have the time stored along with date, we can filter the data on hours and minutes too.
上述数字显示了 2017 年的小时数据。
The figure shown above displays the hourly data for the year 2017.
这里从索引 medicalvisits-26.01.2019 显示字段
Here the fields displayed from the index − medicalvisits-26.01.2019
我们有如下所示的可用字段,显示在左侧:
We have the available fields on left side as shown below −
您可以从可用字段中选择字段,并将数据转换为如下所示的制表符分隔格式。这里我们选择如下字段:
You can select the fields from available fields and convert the data into tabular format as shown below. Here we have selected the following fields −
以上字段的表格数据如下所示:
The tabular data for above fields is shown here −
