Kibana界面出来后可以不做任何事,也许也不知从何做起。其实,首先要做的应该是把需要的数据弄进来。
Kibana官方准备了一些数据可供使用,比如shakespeare.json,accounts.zip,logs.jsonl.gz,包含了莎士比亚作品集,银行数据,日志数据三种。
curl -O https://download.elastic.co/demos/kibana/gettingstarted/8.x/shakespeare.json
curl -O https://download.elastic.co/demos/kibana/gettingstarted/8.x/accounts.zip
curl -O https://download.elastic.co/demos/kibana/gettingstarted/8.x/logs.jsonl.gz
下载后解压到文件夹data。
unzip accounts.zip
gunzip logs.jsonl.gz
现在要把这些数据导入ElasticSearch,可以使用之前的curl方法建立mapping。
curl -X PUT "localhost:9200/shakespeare?pretty" -H 'Content-Type: application/json' -d'
{
"mappings": {
"properties": {
"speaker": {"type": "keyword"},
"play_name": {"type": "keyword"},
"line_id": {"type": "integer"},
"speech_number": {"type": "integer"}
}
}
}
'
{
"acknowledged" : true,
"shards_acknowledged" : true,
"index" : "shakespeare"
}
curl -X PUT "localhost:9200/logstash-2015.05.18?pretty" -H 'Content-Type: application/json' -d'
{
"mappings": {
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
}
'
{
"acknowledged" : true,
"shards_acknowledged" : true,
"index" : "logstash-2015.05.18"
}
curl -X PUT "localhost:9200/logstash-2015.05.19?pretty" -H 'Content-Type: application/json' -d'
{
"mappings": {
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
}
'
{
"acknowledged" : true,
"shards_acknowledged" : true,
"index" : "logstash-2015.05.19"
}
curl -X PUT "localhost:9200/logstash-2015.05.20?pretty" -H 'Content-Type: application/json' -d'
{
"mappings": {
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
}
'
{
"acknowledged" : true,
"shards_acknowledged" : true,
"index" : "logstash-2015.05.20"
}
建立mapping后再使用_bulk方法导入ES。
curl -H 'Content-Type: application/x-ndjson' -XPOST 'http://localhost:9200/bank/_bulk?pretty' --data-binary @accounts.json
curl -H 'Content-Type: application/x-ndjson' -XPOST 'http://localhost:9200/shakespeare/_bulk?pretty' --data-binary @shakespeare.json
curl -H 'Content-Type: application/x-ndjson' -XPOST 'http://localhost:9200/_bulk?pretty' --data-binary @logs.jsonl
打开Kibana菜单中的Management,选择Stack Management,进入Stack界面选择Kibana中的Index Pattern。
点击Create Index Pattern,输入shake*,点击下一步Next,再点击Create完成创建。现在可以看到shake*的索引字段显示出来了。用同样的方法创建logstash*和ba*的索引。