第216集Kibana可视化分析平台架构实战:日志分析、监控告警、数据可视化的企业级解决方案
|字数总计:9.6k|阅读时长:49分钟|阅读量:
第216集Kibana可视化分析平台架构实战:日志分析、监控告警、数据可视化的企业级解决方案
前言
在当今数据驱动的企业环境中,如何高效地分析海量日志数据、实现实时监控告警、构建直观的数据可视化界面,已成为企业数字化转型的关键挑战。Kibana作为Elastic Stack的核心组件,为企业提供了强大的数据可视化和分析能力。
本文将深入探讨Kibana可视化分析平台的架构设计与实战应用,从基础搭建到高级优化,从日志分析到监控告警,为企业构建完整的数据分析解决方案提供全面的技术指导。
一、Kibana架构概述与核心特性
1.1 Kibana架构设计
Kibana采用现代化的Web架构设计,基于Node.js构建,提供丰富的可视化组件和强大的查询分析能力。
1.2 核心功能特性
1.2.1 数据发现与分析
- Discover模块:提供强大的数据搜索和过滤能力
- 实时数据流:支持实时数据流分析和历史数据回溯
- 字段统计:自动生成字段统计信息和数据分布
1.2.2 可视化组件
- 图表类型:支持柱状图、折线图、饼图、热力图等多种图表
- 地图可视化:集成地理信息数据,支持地图展示
- 时间序列:专门的时间序列数据可视化组件
1.2.3 仪表板管理
- Dashboard构建:拖拽式仪表板构建工具
- 实时刷新:支持实时数据刷新和自动更新
- 权限控制:细粒度的权限管理和访问控制
1.3 企业级架构优势
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| 架构优势:
高可用性:
- 多节点部署
- 负载均衡
- 故障转移
可扩展性:
- 水平扩展
- 集群管理
- 资源弹性
安全性:
- 身份认证
- 权限控制
- 数据加密
性能优化:
- 缓存机制
- 查询优化
- 资源管理
|
二、Kibana环境搭建与配置
2.1 系统环境准备
2.1.1 硬件配置要求
1
2
3
4
5
6
7
8
9
10
11
|
CPU: 8核心以上
内存: 16GB以上
存储: SSD 500GB以上
网络: 千兆网卡
CPU: 4核心
内存: 8GB
存储: SSD 100GB
网络: 百兆网卡
|
2.1.2 软件环境依赖
1
2
3
4
5
6
7
8
9
10
11
12
13
|
cat /etc/os-release
sudo apt update
sudo apt install openjdk-11-jdk
java -version
echo 'export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64' >> ~/.bashrc
source ~/.bashrc
|
2.2 Elasticsearch集群部署
2.2.1 Elasticsearch安装配置
1
2
3
4
5
6
7
8
9
10
|
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt update
sudo apt install elasticsearch
sudo vim /etc/elasticsearch/elasticsearch.yml
|
2.2.2 Elasticsearch集群配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
cluster.name: production-cluster
node.name: node-1
node.roles: [master, data, ingest]
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: ["node1:9300", "node2:9300", "node3:9300"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/node-1.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/node-1.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt
indices.memory.index_buffer_size: 30%
indices.queries.cache.size: 10%
indices.fielddata.cache.size: 20%
cluster.routing.allocation.disk.threshold.enabled: true
cluster.routing.allocation.disk.watermark.low: 85%
cluster.routing.allocation.disk.watermark.high: 90%
cluster.routing.allocation.disk.watermark.flood_stage: 95%
|
2.2.3 JVM参数优化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
-Xms8g
-Xmx8g
-XX:+UseG1GC
-XX:G1HeapRegionSize=16m
-XX:+UseStringDeduplication
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
-XX:MaxDirectMemorySize=2g
|
2.3 Kibana安装与配置
2.3.1 Kibana安装
1
2
3
4
5
6
7
8
9
|
sudo apt install kibana
sudo systemctl start kibana
sudo systemctl enable kibana
sudo systemctl status kibana
|
2.3.2 Kibana基础配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
server.name: "kibana-server"
server.host: "0.0.0.0"
server.port: 5601
elasticsearch.hosts: ["https://node1:9200", "https://node2:9200", "https://node3:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your_password"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]
elasticsearch.ssl.verificationMode: certificate
xpack.security.enabled: true
xpack.encryptedSavedObjects.encryptionKey: "your_encryption_key"
server.maxPayloadBytes: 1048576
elasticsearch.requestTimeout: 30000
elasticsearch.shardTimeout: 30000
logging.appenders.file.type: file
logging.appenders.file.fileName: /var/log/kibana/kibana.log
logging.appenders.file.layout.type: json
logging.root.level: info
|
2.3.3 Kibana集群配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
server.name: "kibana-node-1"
server.host: "0.0.0.0"
server.port: 5601
elasticsearch.hosts: ["https://elasticsearch-lb:9200"]
kibana.index: ".kibana"
kibana.defaultAppId: "home"
optimize.bundleFilter: "!tests"
optimize.useBundleCache: true
optimize.bundleDir: "/var/lib/kibana/optimize/bundles"
|
2.4 安全配置与认证
2.4.1 内置用户管理
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u logstash_system
curl -X POST "localhost:9200/_security/user/kibana_admin" \
-H 'Content-Type: application/json' \
-u elastic:your_password \
-d '{
"password": "admin_password",
"roles": ["kibana_admin", "superuser"],
"full_name": "Kibana Administrator",
"email": "admin@company.com"
}'
|
2.4.2 LDAP集成配置
1
2
3
4
5
6
7
8
9
10
11
|
xpack.security.authc.realms.ldap.ldap1:
order: 2
url: "ldaps://ldap.company.com:636"
bind_dn: "cn=admin,dc=company,dc=com"
bind_password: "ldap_password"
user_search.base_dn: "ou=users,dc=company,dc=com"
user_search.attribute: "uid"
group_search.base_dn: "ou=groups,dc=company,dc=com"
group_search.attribute: "cn"
group_search.user_attribute: "uid"
|
2.4.3 SSL证书配置
1
2
3
4
5
6
7
8
9
10
11
12
|
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil http
sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs/
sudo chmod 600 /etc/elasticsearch/certs/*
|
三、Kibana核心功能模块详解
3.1 Discover数据发现模块
3.1.1 数据搜索与过滤
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
{
"query": {
"bool": {
"must": [
{
"match": {
"message": "error"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now"
}
}
}
],
"filter": [
{
"term": {
"level": "ERROR"
}
}
]
}
}
}
{
"query": {
"bool": {
"should": [
{
"wildcard": {
"message": "*timeout*"
}
},
{
"regexp": {
"message": ".*(error|exception|fail).*"
}
}
],
"minimum_should_match": 1
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"size": 100
}
|
3.1.2 字段分析与统计
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
{
"aggs": {
"field_stats": {
"stats": {
"field": "response_time"
}
},
"top_values": {
"terms": {
"field": "status_code",
"size": 10
}
},
"date_histogram": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1h"
}
}
}
}
|
3.2 Visualize可视化模块
3.2.1 基础图表类型
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
{
"aggs": {
"2": {
"terms": {
"field": "status_code",
"order": {
"_count": "desc"
},
"size": 10
}
}
}
}
{
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1h",
"time_zone": "UTC",
"min_doc_count": 1
},
"aggs": {
"3": {
"avg": {
"field": "response_time"
}
}
}
}
}
}
{
"aggs": {
"2": {
"terms": {
"field": "service_name",
"order": {
"_count": "desc"
},
"size": 5
}
}
}
}
|
3.2.2 高级可视化组件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
{
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1h",
"time_zone": "UTC",
"min_doc_count": 1
},
"aggs": {
"3": {
"terms": {
"field": "status_code",
"size": 10
}
}
}
}
}
}
{
"aggs": {
"2": {
"geohash_grid": {
"field": "location",
"precision": 3
}
}
}
}
{
"aggs": {
"2": {
"terms": {
"field": "service_name",
"order": {
"_count": "desc"
},
"size": 20
},
"aggs": {
"3": {
"avg": {
"field": "response_time"
}
},
"4": {
"max": {
"field": "response_time"
}
}
}
}
}
}
|
3.3 Dashboard仪表板模块
3.3.1 仪表板构建
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| {
"version": "8.0.0",
"kibana": {
"version": "8.0.0"
},
"dashboard": {
"title": "系统监控仪表板",
"description": "实时系统性能监控",
"panelsJSON": "[{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":8,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"错误日志统计\",\"type\":\"histogram\"}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":0,\"w\":12,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"响应时间趋势\",\"type\":\"line\"}}}]",
"optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}",
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-1h"
}
}
|
3.3.2 实时数据刷新
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
{
"refreshInterval": {
"pause": false,
"value": 5000
},
"time": {
"from": "now-1h",
"to": "now"
}
}
{
"refreshInterval": {
"pause": false,
"value": 10000
},
"autoRefresh": {
"enabled": true,
"interval": 30000
}
}
|
3.4.1 查询调试
1
2
3
4
5
6
7
8
9
10
11
|
GET /_cat/indices?v
GET /_cluster/health?pretty
GET /_nodes/stats?pretty
GET /_index_template?pretty
|
3.4.2 数据操作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
PUT /logs-2024-12-19
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 1,
"index": {
"refresh_interval": "5s"
}
},
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "text",
"analyzer": "standard"
},
"level": {
"type": "keyword"
},
"service": {
"type": "keyword"
}
}
}
}
POST /logs-2024-12-19/_bulk
{"index":{}}
{"@timestamp":"2024-12-19T10:00:00Z","message":"Application started","level":"INFO","service":"web-app"}
{"index":{}}
{"@timestamp":"2024-12-19T10:01:00Z","message":"Database connection established","level":"INFO","service":"web-app"}
{"index":{}}
{"@timestamp":"2024-12-19T10:02:00Z","message":"User login successful","level":"INFO","service":"auth-service"}
|
四、日志分析实战应用
4.1 应用日志分析
4.1.1 日志格式标准化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
input {
file {
path => "/var/log/app/*.log"
start_position => "beginning"
codec => "json"
}
}
filter {
date {
match => [ "timestamp", "ISO8601" ]
}
grok {
match => {
"message" => "%{TIMESTAMP_ISO8601:log_time} \[%{DATA:thread}\] %{LOGLEVEL:level} %{DATA:logger} - %{GREEDYDATA:log_message}"
}
}
if [level] == "ERROR" {
multiline {
pattern => "^\s+at\s+"
what => "previous"
}
}
mutate {
remove_field => ["host", "path"]
rename => { "log_message" => "message" }
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "app-logs-%{+YYYY.MM.dd}"
}
}
|
4.1.2 错误日志监控
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
{
"query": {
"bool": {
"must": [
{
"term": {
"level": "ERROR"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1h"
}
}
}
]
}
},
"aggs": {
"error_count": {
"value_count": {
"field": "_id"
}
},
"error_by_service": {
"terms": {
"field": "service",
"size": 10
}
},
"error_timeline": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "5m"
}
}
}
}
|
4.2 系统日志分析
4.2.1 系统监控配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/syslog
- /var/log/auth.log
- /var/log/kern.log
fields:
log_type: system
fields_under_root: true
- type: log
enabled: true
paths:
- /var/log/nginx/*.log
fields:
log_type: nginx
fields_under_root: true
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
output.elasticsearch:
hosts: ["localhost:9200"]
index: "system-logs-%{+yyyy.MM.dd}"
setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
|
4.2.2 性能指标分析
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
{
"query": {
"bool": {
"must": [
{
"term": {
"log_type": "system"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1d"
}
}
}
]
}
},
"aggs": {
"cpu_usage": {
"avg": {
"field": "cpu_percent"
}
},
"memory_usage": {
"avg": {
"field": "memory_percent"
}
},
"disk_usage": {
"avg": {
"field": "disk_percent"
}
},
"hourly_stats": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1h"
},
"aggs": {
"avg_cpu": {
"avg": {
"field": "cpu_percent"
}
},
"avg_memory": {
"avg": {
"field": "memory_percent"
}
}
}
}
}
}
|
4.3 网络日志分析
4.3.1 网络流量监控
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
packetbeat.interfaces.device: any
packetbeat.interfaces.type: af_packet
packetbeat.interfaces.buffer_size_mb: 100
packetbeat.protocols:
- type: http
ports: [80, 8080, 8000, 5000, 8002, 9200]
send_headers: ["User-Agent", "Content-Type"]
send_all_headers: true
- type: mysql
ports: [3306]
- type: redis
ports: [6379]
output.elasticsearch:
hosts: ["localhost:9200"]
index: "network-logs-%{+yyyy.MM.dd}"
|
4.3.2 安全事件分析
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
{
"query": {
"bool": {
"should": [
{
"term": {
"event_type": "login_failed"
}
},
{
"term": {
"event_type": "suspicious_activity"
}
},
{
"wildcard": {
"message": "*attack*"
}
}
],
"minimum_should_match": 1
}
},
"aggs": {
"security_events": {
"terms": {
"field": "event_type",
"size": 20
}
},
"source_ips": {
"terms": {
"field": "source_ip",
"size": 10
}
},
"timeline": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1h"
}
}
}
}
|
五、监控告警系统构建
5.1 告警规则配置
5.1.1 Watcher告警引擎
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
| {
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": ["app-logs-*"],
"body": {
"query": {
"bool": {
"must": [
{
"term": {
"level": "ERROR"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1m"
}
}
}
]
}
},
"aggs": {
"error_count": {
"value_count": {
"field": "_id"
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.aggregations.error_count.value": {
"gt": 10
}
}
},
"actions": {
"send_email": {
"email": {
"to": ["admin@company.com"],
"subject": "High Error Rate Alert",
"body": {
"text": "Error count exceeded threshold: {{ctx.payload.aggregations.error_count.value}}"
}
}
},
"create_incident": {
"webhook": {
"url": "https://incident-management.company.com/api/incidents",
"method": "POST",
"headers": {
"Content-Type": "application/json"
},
"body": {
"title": "High Error Rate Detected",
"description": "Error count: {{ctx.payload.aggregations.error_count.value}}",
"severity": "high",
"source": "kibana"
}
}
}
}
}
|
5.1.2 复合告警规则
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
| {
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"indices": ["system-logs-*"],
"body": {
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-5m"
}
}
}
]
}
},
"aggs": {
"avg_cpu": {
"avg": {
"field": "cpu_percent"
}
},
"avg_memory": {
"avg": {
"field": "memory_percent"
}
},
"avg_disk": {
"avg": {
"field": "disk_percent"
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "return ctx.payload.aggregations.avg_cpu.value > 80 || ctx.payload.aggregations.avg_memory.value > 85 || ctx.payload.aggregations.avg_disk.value > 90"
}
},
"actions": {
"alert_ops_team": {
"email": {
"to": ["ops@company.com"],
"subject": "System Resource Alert",
"body": {
"text": "CPU: {{ctx.payload.aggregations.avg_cpu.value}}%, Memory: {{ctx.payload.aggregations.avg_memory.value}}%, Disk: {{ctx.payload.aggregations.avg_disk.value}}%"
}
}
}
}
}
|
5.2 告警通知渠道
5.2.1 邮件通知配置
1
2
3
4
5
6
7
8
9
10
11
12
|
xpack.actions.email:
default:
smtp:
host: smtp.company.com
port: 587
secure: false
auth:
user: kibana@company.com
pass: your_password
from: kibana@company.com
reply_to: noreply@company.com
|
5.2.2 企业微信集成
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
{
"actions": {
"wechat_alert": {
"webhook": {
"url": "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=your_key",
"method": "POST",
"headers": {
"Content-Type": "application/json"
},
"body": {
"msgtype": "markdown",
"markdown": {
"content": "## 系统告警\n**告警时间**: {{ctx.trigger.triggered_time}}\n**告警内容**: {{ctx.payload.hits.total.value}} 条错误日志\n**详细信息**: [查看详情](https://kibana.company.com)"
}
}
}
}
}
}
|
5.2.3 Slack集成
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
{
"actions": {
"slack_alert": {
"webhook": {
"url": "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK",
"method": "POST",
"headers": {
"Content-Type": "application/json"
},
"body": {
"channel": "#alerts",
"username": "Kibana Alert",
"icon_emoji": ":warning:",
"text": "系统告警: {{ctx.payload.hits.total.value}} 条错误日志",
"attachments": [
{
"color": "danger",
"fields": [
{
"title": "告警时间",
"value": "{{ctx.trigger.triggered_time}}",
"short": true
},
{
"title": "错误数量",
"value": "{{ctx.payload.hits.total.value}}",
"short": true
}
]
}
]
}
}
}
}
}
|
5.3 告警规则管理
5.3.1 告警规则模板
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
| {
"alert_templates": {
"error_rate": {
"name": "错误率告警",
"description": "监控应用错误率",
"query": {
"bool": {
"must": [
{
"term": {
"level": "ERROR"
}
},
{
"range": {
"@timestamp": {
"gte": "now-{{interval}}"
}
}
}
]
}
},
"threshold": 10,
"interval": "1m",
"actions": ["email", "slack"]
},
"response_time": {
"name": "响应时间告警",
"description": "监控API响应时间",
"query": {
"bool": {
"must": [
{
"exists": {
"field": "response_time"
}
},
{
"range": {
"@timestamp": {
"gte": "now-{{interval}}"
}
}
}
]
}
},
"threshold": 2000,
"interval": "5m",
"actions": ["email", "wechat"]
}
}
}
|
5.3.2 告警规则API
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
curl -X POST "localhost:9200/_watcher/watch/error_rate_alert" \
-H 'Content-Type: application/json' \
-u elastic:your_password \
-d '{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"indices": ["app-logs-*"],
"body": {
"query": {
"bool": {
"must": [
{
"term": {
"level": "ERROR"
}
},
{
"range": {
"@timestamp": {
"gte": "now-1m"
}
}
}
]
}
},
"aggs": {
"error_count": {
"value_count": {
"field": "_id"
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.aggregations.error_count.value": {
"gt": 10
}
}
},
"actions": {
"send_alert": {
"email": {
"to": ["admin@company.com"],
"subject": "Error Rate Alert",
"body": "Error count: {{ctx.payload.aggregations.error_count.value}}"
}
}
}
}'
curl -X GET "localhost:9200/_watcher/watch/error_rate_alert" \
-u elastic:your_password
curl -X POST "localhost:9200/_watcher/watch/error_rate_alert/_execute" \
-u elastic:your_password
|
六、数据可视化高级应用
6.1 自定义可视化组件
6.1.1 插件开发
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
import { Plugin as PluginBase } from 'kibana/server';
import { PluginSetup, PluginStart } from './types';
export class CustomVisualizationPlugin extends PluginBase<PluginSetup, PluginStart> {
public setup(core: CoreSetup) {
core.plugins.visualizations.registerVisualization({
name: 'custom_chart',
title: 'Custom Chart',
description: 'A custom visualization component',
icon: 'visBarVertical',
visConfig: {
defaults: {
chartType: 'line',
showLegend: true,
showTooltip: true
}
},
editorConfig: {
schemas: [
{
group: 'metrics',
name: 'metric',
title: 'Metric',
min: 1,
max: 1,
aggFilter: ['count', 'avg', 'sum', 'min', 'max']
},
{
group: 'buckets',
name: 'segment',
title: 'Group By',
min: 0,
max: 1,
aggFilter: ['terms', 'date_histogram']
}
]
},
toExpressionAst: (vis, params) => {
return {
type: 'expression',
chain: [
{
type: 'function',
function: 'custom_chart',
arguments: {
metric: [vis.data.aggs.metric],
segment: [vis.data.aggs.segment],
chartType: [params.chartType],
showLegend: [params.showLegend]
}
}
]
};
}
});
}
public start(core: CoreStart) {
return {};
}
}
|
6.1.2 自定义图表渲染
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
import React from 'react';
import { EuiChart, EuiChartTheme } from '@elastic/eui';
export const CustomChartRenderer = ({ visData, visParams }) => {
const chartTheme = {
chart: {
margins: {
left: 0.2,
right: 0.2,
top: 0.2,
bottom: 0.2
}
},
line: {
strokeWidth: 2,
pointRadius: 3
},
area: {
opacity: 0.3
}
};
const chartData = visData.aggs.map(agg => ({
label: agg.label,
data: agg.values.map((value, index) => ({
x: agg.buckets[index].key,
y: value
}))
}));
return (
<div className="custom-chart-container">
<EuiChart
type={visParams.chartType}
data={chartData}
theme={chartTheme}
showLegend={visParams.showLegend}
showTooltip={visParams.showTooltip}
/>
</div>
);
};
|
6.2 高级仪表板设计
6.2.1 响应式仪表板
1
2
3
4
5
6
7
8
9
10
11
| {
"dashboard": {
"title": "响应式监控仪表板",
"panelsJSON": "[{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":6,\"h\":4,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"CPU使用率\",\"type\":\"gauge\"}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":6,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"内存使用率\",\"type\":\"gauge\"}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":12,\"h\":6,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"系统负载趋势\",\"type\":\"line\"}}}]",
"optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"syncColors\":true,\"hidePanelTitles\":false}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-1h"
}
}
|
6.2.2 交互式仪表板
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
{
"dashboard": {
"title": "交互式监控仪表板",
"panelsJSON": "[{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":6,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"服务状态概览\",\"type\":\"table\"}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":0,\"w\":4,\"h\":6,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"服务详情\",\"type\":\"metric\"}}}]",
"optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"syncColors\":true,\"hidePanelTitles\":false,\"syncTooltips\":true}",
"filters": [
{
"query": {
"match": {
"service": "{{service_name}}"
}
}
}
]
}
}
|
6.3 数据导出与分享
6.3.1 报表生成
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
{
"reporting": {
"enabled": true,
"kibanaServer": {
"hostname": "kibana.company.com",
"port": 5601,
"protocol": "https"
},
"capture": {
"browser": {
"type": "chromium"
},
"screenshot": {
"type": "png"
}
},
"csv": {
"maxSizeBytes": 10485760,
"scroll": {
"size": 500,
"duration": "30s"
}
}
}
}
POST /api/reporting/generate/pdf
{
"jobParams": {
"objectType": "dashboard",
"objectId": "dashboard-id",
"title": "系统监控报表",
"timeRange": {
"from": "now-1d",
"to": "now"
},
"layout": {
"dimensions": {
"width": 1920,
"height": 1080
}
}
}
}
|
6.3.2 数据导出API
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
curl -X POST "localhost:5601/api/reporting/generate/csv" \
-H 'Content-Type: application/json' \
-u admin:password \
-d '{
"jobParams": {
"objectType": "search",
"objectId": "search-id",
"title": "日志数据导出",
"searchRequest": {
"index": "app-logs-*",
"body": {
"query": {
"match_all": {}
},
"size": 10000
}
}
}
}'
curl -X POST "localhost:5601/api/reporting/generate/png" \
-H 'Content-Type: application/json' \
-u admin:password \
-d '{
"jobParams": {
"objectType": "visualization",
"objectId": "vis-id",
"title": "图表导出",
"timeRange": {
"from": "now-1h",
"to": "now"
}
}
}'
|
七、性能优化与运维管理
7.1 Kibana性能优化
7.1.1 查询性能优化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
server.maxPayloadBytes: 1048576
elasticsearch.requestTimeout: 30000
elasticsearch.shardTimeout: 30000
optimize.bundleFilter: "!tests"
optimize.useBundleCache: true
optimize.bundleDir: "/var/lib/kibana/optimize/bundles"
node.options: "--max-old-space-size=4096"
elasticsearch.maxConcurrentShardRequests: 5
elasticsearch.maxResponseSize: 10485760
|
7.1.2 索引优化策略
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
PUT /_index_template/logs-template
{
"index_patterns": ["logs-*"],
"template": {
"settings": {
"number_of_shards": 3,
"number_of_replicas": 1,
"index": {
"refresh_interval": "30s",
"translog": {
"flush_threshold_size": "512mb",
"sync_interval": "30s"
},
"merge": {
"scheduler": {
"max_thread_count": 1
}
}
}
},
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "text",
"analyzer": "standard",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"level": {
"type": "keyword"
},
"service": {
"type": "keyword"
}
}
}
}
}
PUT /_ilm/policy/logs-policy
{
"policy": {
"phases": {
"hot": {
"actions": {
"rollover": {
"max_size": "50GB",
"max_age": "7d"
}
}
},
"warm": {
"min_age": "7d",
"actions": {
"allocate": {
"number_of_replicas": 0
}
}
},
"cold": {
"min_age": "30d",
"actions": {
"allocate": {
"number_of_replicas": 0
}
}
},
"delete": {
"min_age": "90d"
}
}
}
}
|
7.2 集群监控与运维
7.2.1 集群健康监控
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
const clusterHealthCheck = async () => {
const response = await fetch('http://localhost:9200/_cluster/health?pretty');
const health = await response.json();
const alerts = [];
if (health.status === 'red') {
alerts.push('集群状态为红色,存在严重问题');
} else if (health.status === 'yellow') {
alerts.push('集群状态为黄色,存在警告');
}
if (health.active_shards_percent_as_number < 100) {
alerts.push(`活跃分片比例: ${health.active_shards_percent_as_number}%`);
}
if (health.number_of_pending_tasks > 0) {
alerts.push(`待处理任务: ${health.number_of_pending_tasks}`);
}
return {
status: health.status,
alerts: alerts,
metrics: {
active_shards: health.active_shards,
relocating_shards: health.relocating_shards,
initializing_shards: health.initializing_shards,
unassigned_shards: health.unassigned_shards
}
};
};
|
7.2.2 节点监控
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
const nodeMonitoring = async () => {
const response = await fetch('http://localhost:9200/_nodes/stats?pretty');
const stats = await response.json();
const nodeStats = Object.values(stats.nodes).map(node => ({
name: node.name,
host: node.host,
roles: node.roles,
jvm: {
heap_used_percent: node.jvm.mem.heap_used_percent,
gc_collection_time: node.jvm.gc.collectors.old.collection_time_in_millis,
gc_collection_count: node.jvm.gc.collectors.old.collection_count
},
indices: {
docs_count: node.indices.docs.count,
store_size: node.indices.store.size_in_bytes,
indexing_total: node.indices.indexing.index_total,
search_total: node.indices.search.query_total
},
os: {
cpu_percent: node.os.cpu.percent,
load_average: node.os.cpu.load_average,
mem_used_percent: node.os.mem.used_percent
}
}));
return nodeStats;
};
|
7.3 备份与恢复
7.3.1 快照备份
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
curl -X PUT "localhost:9200/_snapshot/backup_repo" \
-H 'Content-Type: application/json' \
-u elastic:password \
-d '{
"type": "fs",
"settings": {
"location": "/backup/elasticsearch",
"compress": true,
"max_snapshot_bytes_per_sec": "50mb",
"max_restore_bytes_per_sec": "50mb"
}
}'
curl -X PUT "localhost:9200/_snapshot/backup_repo/snapshot_$(date +%Y%m%d_%H%M%S)" \
-H 'Content-Type: application/json' \
-u elastic:password \
-d '{
"indices": "logs-*,app-logs-*",
"ignore_unavailable": true,
"include_global_state": false,
"metadata": {
"taken_by": "backup_script",
"taken_because": "scheduled backup"
}
}'
curl -X GET "localhost:9200/_snapshot/backup_repo/_current" \
-u elastic:password
|
7.3.2 数据恢复
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
curl -X POST "localhost:9200/_snapshot/backup_repo/snapshot_20241219_100000/_restore" \
-H 'Content-Type: application/json' \
-u elastic:password \
-d '{
"indices": "logs-*",
"ignore_unavailable": true,
"include_global_state": false,
"rename_pattern": "logs-(.+)",
"rename_replacement": "restored-logs-$1"
}'
curl -X GET "localhost:9200/_recovery" \
-u elastic:password
|
八、企业级最佳实践
8.1 架构设计原则
8.1.1 高可用架构
8.1.2 安全架构设计
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| 安全架构:
网络层安全:
- VPN访问
- 防火墙规则
- 网络隔离
应用层安全:
- HTTPS加密
- 身份认证
- 权限控制
数据层安全:
- 数据加密
- 访问审计
- 备份加密
运维安全:
- 操作审计
- 权限最小化
- 定期安全扫描
|
8.2 容量规划
8.2.1 存储容量计算
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
const calculateStorageCapacity = (config) => {
const {
logVolumePerDay,
retentionDays,
replicationFactor,
compressionRatio
} = config;
const rawDataPerDay = logVolumePerDay;
const rawDataTotal = rawDataPerDay * retentionDays;
const compressedDataPerDay = rawDataPerDay / compressionRatio;
const compressedDataTotal = compressedDataPerDay * retentionDays;
const totalStorage = compressedDataTotal * (1 + replicationFactor);
const actualStorage = totalStorage * 1.2;
return {
rawDataPerDay: rawDataPerDay,
rawDataTotal: rawDataTotal,
compressedDataPerDay: compressedDataPerDay,
compressedDataTotal: compressedDataTotal,
totalStorage: totalStorage,
actualStorage: actualStorage,
recommendedStorage: Math.ceil(actualStorage * 1.5)
};
};
const config = {
logVolumePerDay: 100,
retentionDays: 30,
replicationFactor: 1,
compressionRatio: 3
};
const capacity = calculateStorageCapacity(config);
console.log('存储容量规划:', capacity);
|
8.2.2 性能容量规划
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
const calculatePerformanceCapacity = (config) => {
const {
queriesPerSecond,
averageResponseTime,
peakMultiplier,
nodeCount,
coresPerNode
} = config;
const peakQPS = queriesPerSecond * peakMultiplier;
const qpsPerCore = 1000;
const totalCores = nodeCount * coresPerNode;
const maxQPS = totalCores * qpsPerCore;
const capacityUtilization = peakQPS / maxQPS;
const responseTimeFactor = averageResponseTime / 100;
return {
peakQPS: peakQPS,
maxQPS: maxQPS,
capacityUtilization: capacityUtilization,
responseTimeFactor: responseTimeFactor,
recommendedNodes: Math.ceil(peakQPS / (qpsPerCore * coresPerNode)),
isCapacitySufficient: capacityUtilization < 0.8 && responseTimeFactor < 2
};
};
|
8.3 运维最佳实践
8.3.1 监控指标
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| 关键监控指标:
Kibana指标:
- 响应时间
- 并发用户数
- 内存使用率
- CPU使用率
Elasticsearch指标:
- 集群健康状态
- 分片状态
- 索引性能
- 查询性能
系统指标:
- 磁盘使用率
- 网络流量
- 系统负载
- 内存使用率
|
8.3.2 告警策略
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| 告警策略:
紧急告警:
- 集群状态为红色
- 服务不可用
- 磁盘空间不足10%
重要告警:
- 集群状态为黄色
- 响应时间超过阈值
- 内存使用率超过80%
一般告警:
- 错误日志数量异常
- 索引性能下降
- 网络连接异常
|
九、故障排查与问题解决
9.1 常见问题诊断
9.1.1 性能问题诊断
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
curl -X GET "localhost:5601/api/status" | jq
curl -X GET "localhost:9200/_nodes/stats/jvm,indices,os" | jq
curl -X GET "localhost:9200/_nodes/stats/indices/search" | jq '.nodes[].indices.search.query_time_in_millis'
curl -X GET "localhost:9200/_cat/indices?v&s=store.size:desc"
curl -X GET "localhost:9200/_cat/shards?v&s=state,node"
|
9.1.2 连接问题诊断
1
2
3
4
5
6
7
8
9
10
11
12
13
|
curl -X GET "localhost:5601/api/status" | jq '.status.overall.state'
curl -X GET "localhost:9200/_cluster/health" | jq '.status'
telnet localhost 9200
telnet localhost 5601
sudo ufw status
sudo iptables -L
|
9.2 日志分析
9.2.1 Kibana日志分析
1
2
3
4
5
6
7
8
9
10
11
|
tail -f /var/log/kibana/kibana.log
grep "ERROR" /var/log/kibana/kibana.log | tail -20
grep "slow" /var/log/kibana/kibana.log | tail -20
grep "connection" /var/log/kibana/kibana.log | tail -20
|
9.2.2 Elasticsearch日志分析
1
2
3
4
5
6
7
8
9
10
11
|
tail -f /var/log/elasticsearch/elasticsearch.log
grep "GC" /var/log/elasticsearch/elasticsearch.log | tail -20
grep "shard" /var/log/elasticsearch/elasticsearch.log | tail -20
grep "cluster" /var/log/elasticsearch/elasticsearch.log | tail -20
|
9.3 故障恢复
9.3.1 服务重启
1
2
3
4
5
6
7
8
9
10
11
|
sudo systemctl restart kibana
sudo systemctl status kibana
sudo systemctl restart elasticsearch
sudo systemctl status elasticsearch
sudo systemctl is-active kibana
sudo systemctl is-active elasticsearch
|
9.3.2 数据恢复
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
curl -X POST "localhost:9200/_snapshot/backup_repo/snapshot_name/_restore" \
-H 'Content-Type: application/json' \
-d '{
"indices": "index_name",
"ignore_unavailable": true,
"include_global_state": false
}'
curl -X POST "localhost:9200/_reindex" \
-H 'Content-Type: application/json' \
-d '{
"source": {
"index": "old_index"
},
"dest": {
"index": "new_index"
}
}'
|
十、总结与展望
10.1 技术总结
通过本文的深入探讨,我们全面了解了Kibana可视化分析平台的架构设计与实战应用。从基础搭建到高级优化,从日志分析到监控告警,Kibana为企业提供了强大的数据可视化和分析能力。
10.1.1 核心价值
- 数据可视化:提供丰富的图表类型和交互式仪表板
- 实时分析:支持实时数据流分析和历史数据回溯
- 监控告警:构建完整的监控告警体系
- 企业级特性:高可用、可扩展、安全可靠
10.1.2 技术优势
- 易用性:直观的用户界面和简单的操作流程
- 灵活性:支持自定义可视化和插件开发
- 性能:优化的查询引擎和缓存机制
- 集成性:与Elastic Stack深度集成
10.2 最佳实践建议
10.2.1 架构设计
- 高可用设计:采用多节点部署和负载均衡
- 安全加固:实施全面的安全策略和访问控制
- 性能优化:合理配置资源和优化查询
- 监控运维:建立完善的监控和告警体系
10.2.2 运维管理
- 容量规划:根据业务需求合理规划资源
- 备份策略:建立完善的备份和恢复机制
- 故障处理:制定详细的故障排查和恢复流程
- 持续优化:定期评估和优化系统性能
10.3 未来发展趋势
10.3.1 技术发展方向
- AI集成:机器学习算法在数据分析中的应用
- 云原生:容器化和微服务架构的演进
- 实时性:更强大的实时数据处理能力
- 智能化:自动化运维和智能告警
10.3.2 应用场景扩展
- 业务分析:从技术监控扩展到业务分析
- 安全分析:增强的安全威胁检测和分析
- IoT数据:物联网设备数据的可视化分析
- 边缘计算:边缘环境下的数据分析能力
10.4 学习建议
10.4.1 技术学习路径
- 基础掌握:熟悉Elastic Stack基础组件
- 实践应用:通过实际项目积累经验
- 高级特性:深入学习高级功能和优化技巧
- 持续更新:关注技术发展和最佳实践
10.4.2 职业发展建议
- 技能提升:持续学习相关技术和工具
- 项目经验:参与大型项目的架构设计
- 社区参与:积极参与开源社区和技术交流
- 认证获取:获得相关技术认证和资质
结语
Kibana作为现代企业数据分析的重要工具,为企业提供了强大的数据可视化和分析能力。通过合理的架构设计、完善的配置管理、有效的性能优化和可靠的运维保障,企业可以构建高效、稳定、安全的数据分析平台。
在数字化转型的浪潮中,掌握Kibana等数据分析工具已成为技术人员的必备技能。希望本文能够为读者提供全面的技术指导和实践参考,助力企业在数据驱动的道路上取得更大的成功。
让我们继续探索数据世界的无限可能,用技术的力量推动企业的发展和创新!
关键词:Kibana、Elasticsearch、数据可视化、日志分析、监控告警、企业级架构、运维实战、性能优化、安全配置、故障排查
相关技术:Elastic Stack、Logstash、Beats、Watcher、Canvas、Lens、Machine Learning、APM、SIEM
适用场景:企业级日志分析、系统监控、业务分析、安全分析、运维管理、数据可视化、实时监控、告警系统
微信
