Привет,
У меня проблемы с просмотром данных Netflow с помощью Kibana 4.0.2 (сборка 6004). Сообщение об ошибке, которое я получаю, когда нажимаю вкладку «Обнаружение», представляет собой желтый баннер, который гласит:
Courier Fetch: 5 of 5 shards failed.
Однако я могу просматривать эти данные с помощью Kibana 3, что наводит меня на мысль, что это ошибка (или изменение) в том, как Kibana 4 запрашивает Elasticsearch.
Я также должен упомянуть, что я могу просматривать эти данные в Kibana 4, если я позволю Elasticsearch динамически создавать сопоставление для этого индекса, но я хотел бы использовать пользовательское, чтобы оно было оптимизировано. Я включил сопоставление, которое пытаюсь использовать, ниже и не вижу в нем ничего плохого. Данные Netflow содержат большие числа, чем может обработать "type": "long", поэтому мне нужно было использовать "type": "string" для некоторых полей.
Запрос
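# The URL is quoted so the shell hands the whole query string to curl; unquoted,
# each '&' would end the command and run it in the background, silently dropping
# the ignore_unavailable and preference parameters.
curl -XPOST 'http://fqdn.omitted.com:5601/elasticsearch/_msearch?timeout=0&ignore_unavailable=true&preference=1432705287095'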
Полезная нагрузка запроса
{
"index": "customindex-*",
"ignore_unavailable": true
}\n
{
"size": 500,
"sort": {
"@timestamp": "desc"
},
"highlight": {
"pre_tags": [
"@kibana-highlighted-field@"
],
"post_tags": [
"@/kibana-highlighted-field@"
],
"fields": {
"*": {}
}
},
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"interval": "30s",
"pre_zone": "-07:00",
"pre_zone_adjust_large_interval": true,
"min_doc_count": 0,
"extended_bounds": {
"min": 1432704390127,
"max": 1432705290128
}
}
}
},
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1432704390134,
"lte": 1432705290134
}
}
}
],
"must_not": []
}
}
}
},
"fields": [
"*",
"_source"
],
"script_fields": {},
"fielddata_fields": [
"@timestamp"
]
}
Ответ
{
"responses": [
{
"took": 44,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 0,
"failed": 5,
"failures": [
{
"index": "customindex-2015.05.27",
"shard": 0,
"status": 500,
"reason": "RemoteTransportException[[fqdn.omitted.com][inet[/192.168.1.110:9300]][indices:data/read/search[phase/fetch/id]]]; nested: ElasticsearchIllegalStateException[No matching token for number_type [BIG_INTEGER]]; "
},
{
"index": "customindex-2015.05.27",
"shard": 1,
"status": 500,
"reason": "RemoteTransportException[[fqdn.omitted.com][inet[/192.168.1.110:9300]][indices:data/read/search[phase/fetch/id]]]; nested: ElasticsearchIllegalStateException[No matching token for number_type [BIG_INTEGER]]; "
},
{
"index": "customindex-2015.05.27",
"shard": 2,
"status": 500,
"reason": "RemoteTransportException[[fqdn.omitted.com][inet[/192.168.1.110:9300]][indices:data/read/search[phase/fetch/id]]]; nested: ElasticsearchIllegalStateException[No matching token for number_type [BIG_INTEGER]]; "
},
{
"index": "customindex-2015.05.27",
"shard": 3,
"status": 500,
"reason": "RemoteTransportException[[fqdn.omitted.com][inet[/192.168.112.177:9300]][indices:data/read/search[phase/fetch/id]]]; nested: ElasticsearchIllegalStateException[No matching token for number_type [BIG_INTEGER]]; "
},
{
"index": "customindex-2015.05.27",
"shard": 4,
"status": 500,
"reason": "RemoteTransportException[[fqdn.omitted.com][inet[/192.168.1.110:9300]][indices:data/read/search[phase/fetch/id]]]; nested: ElasticsearchIllegalStateException[No matching token for number_type [BIG_INTEGER]]; "
}
]
},
"hits": {
"total": 86519,
"max_score": null,
"hits": []
},
"aggregations": {
"2": {
"buckets": [
{
"key_as_string": "2015-05-27T05:16:30.000Z",
"key": 1432703790000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:17:00.000Z",
"key": 1432703820000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:17:30.000Z",
"key": 1432703850000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:18:00.000Z",
"key": 1432703880000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:18:30.000Z",
"key": 1432703910000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:19:00.000Z",
"key": 1432703940000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:19:30.000Z",
"key": 1432703970000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:20:00.000Z",
"key": 1432704000000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:20:30.000Z",
"key": 1432704030000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:21:00.000Z",
"key": 1432704060000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:21:30.000Z",
"key": 1432704090000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:22:00.000Z",
"key": 1432704120000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:22:30.000Z",
"key": 1432704150000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:23:00.000Z",
"key": 1432704180000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:23:30.000Z",
"key": 1432704210000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:24:00.000Z",
"key": 1432704240000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:24:30.000Z",
"key": 1432704270000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:25:00.000Z",
"key": 1432704300000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:25:30.000Z",
"key": 1432704330000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:26:00.000Z",
"key": 1432704360000,
"doc_count": 0
},
{
"key_as_string": "2015-05-27T05:26:30.000Z",
"key": 1432704390000,
"doc_count": 4209
},
{
"key_as_string": "2015-05-27T05:27:00.000Z",
"key": 1432704420000,
"doc_count": 7270
},
{
"key_as_string": "2015-05-27T05:27:30.000Z",
"key": 1432704450000,
"doc_count": 6646
},
{
"key_as_string": "2015-05-27T05:28:00.000Z",
"key": 1432704480000,
"doc_count": 7181
},
{
"key_as_string": "2015-05-27T05:28:30.000Z",
"key": 1432704510000,
"doc_count": 6612
},
{
"key_as_string": "2015-05-27T05:29:00.000Z",
"key": 1432704540000,
"doc_count": 6753
},
{
"key_as_string": "2015-05-27T05:29:30.000Z",
"key": 1432704570000,
"doc_count": 6509
},
{
"key_as_string": "2015-05-27T05:30:00.000Z",
"key": 1432704600000,
"doc_count": 10295
},
{
"key_as_string": "2015-05-27T05:30:30.000Z",
"key": 1432704630000,
"doc_count": 13073
},
{
"key_as_string": "2015-05-27T05:31:00.000Z",
"key": 1432704660000,
"doc_count": 14627
},
{
"key_as_string": "2015-05-27T05:31:30.000Z",
"key": 1432704690000,
"doc_count": 3344
}
]
}
}
}
]
}
Шаблон и сопоставление
{
"template": "customindex-*",
"settings": {
"index.refresh_integererval": "5s",
"index.number_of_shards": "5"
},
"mappings": {
"_default_": {
"_all": {
"enabled": false
}
},
"netflow": {
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "string"
},
"host": {
"type": "string"
},
"netflow": {
"properties": {
"flow_seq_num": {
"type": "long"
},
"flowset_id": {
"type": "long"
},
"nf_f_conn_id": {
"type": "long"
},
"nf_f_dst_addr_ipv4": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_dst_intf_id": {
"type": "long"
},
"nf_f_dst_port": {
"type": "long"
},
"nf_f_egress_acl_id": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_event_time_msec": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_flow_create_time_msec": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_fwd_flow_delta_bytes": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_rev_flow_delta_bytes": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_flow_bytes": {
"type": "long"
},
"nf_f_fw_event": {
"type": "long"
},
"nf_f_fw_ext_event": {
"type": "long"
},
"nf_f_icmp_code": {
"type": "long"
},
"nf_f_icmp_type": {
"type": "long"
},
"nf_f_icmp_type_ipv6": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_icmp_code_ipv6": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_ingress_acl_id": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_protocol": {
"type": "long"
},
"nf_f_src_addr_ipv4": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_src_intf_id": {
"type": "long"
},
"nf_f_src_port": {
"type": "long"
},
"nf_f_username": {
"type": "string"
},
"nf_f_xlate_dst_addr_ipv4": {
"type": "string"
},
"nf_f_xlate_dst_port": {
"type": "long"
},
"nf_f_xlate_src_addr_ipv4": {
"type": "string",
"index": "not_analyzed"
},
"nf_f_xlate_src_port": {
"type": "long"
},
"version": {
"type": "long"
}
}
},
"type": {
"type": "string"
}
}
}
}
}
Похоже, это проблема с Elasticsearch:
ElasticsearchIllegalStateException[No matching token for number_type [BIG_INTEGER]];
Как вы сказали, может показаться, что вы проиндексировали слишком большие числа для обработки elasticsearch. Вам нужно будет переиндексировать любые уже проиндексированные данные в виде строки, зная, что вы не сможете их агрегировать. Перейдите на http://discuss.elastic.co , если вам нужна помощь.
Что меня все еще сбивает с толку, так это то, что я могу просматривать данные с помощью Kibana 3. И кто-то упомянул то же самое в этой теме.
У меня все еще та же проблема с kibana 5.4