ELK kibana查询与过滤(17th)
<p>在kibana中,可通过搜索查询过滤事务或者在visualization界面点击元素过滤。</p><h3>创建查询</h3>
<p>在Discover界面的搜索栏输入要查询的字段。查询语法是基于Lucene的查询语法。允许布尔运算符、通配符和字段筛选。注意关键字要大写。如查询类型是http,且状态码是302。type: http AND http.code: 302。</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10769" src="https://zhuji.jb51.net/uploads/img/20230519/ee4b8edaa5a11ee841e76fdf06686d2a.jpg" width="670" height="194"></p>
<h3>字符串查询</h3>
<p>查询可以包含一个或多个字或者短语。短语需要使用双引号引起来。如:</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10770" src="https://zhuji.jb51.net/uploads/img/20230519/4d892256701ce6dc644bcd1ffd6a1d5b.jpg" width="670" height="233"></p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10771" src="https://zhuji.jb51.net/uploads/img/20230519/b40dd29d715e492c5479ac5bd47c934e.jpg" width="670" height="243"></p>
<p>每个字段都会匹配过去。要搜索一个确切的字符串,需要使用双引号引起来。</p>
<p>如果不带引号,将会匹配每个单词。</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10772" src="https://zhuji.jb51.net/uploads/img/20230519/dd3b1e0d3998669ec3d8fc98d14b1ee3.jpg" width="670" height="223"></p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10773" src="https://zhuji.jb51.net/uploads/img/20230519/72ba103166bb2b3ba80af0ea299e9ebd.jpg" width="670" height="222"></p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10774" src="https://zhuji.jb51.net/uploads/img/20230519/8aec4065998fcdeaf7d4ed0805ea2f46.jpg" width="670" height="216"></p>
<p>kibana会忽略特殊字符。</p>
<h3>基于字段的查询</h3>
<p>只搜索特定的字段。</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10775" src="https://zhuji.jb51.net/uploads/img/20230519/318df2a5190b24776a819826400d15e8.jpg" width="670" height="168"></p>
<h3>正则表达式查询</h3>
<p>kibana支持正则表达式过滤器和表达式。</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10776" src="https://zhuji.jb51.net/uploads/img/20230519/78d9bc32503fe54fbdbe9a58e152049c.jpg" width="670" height="224"></p>
<h3>返回查询</h3>
<p>允许一个字段值在某个区间。[] 包含该值,{}不包含。</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10777" src="https://zhuji.jb51.net/uploads/img/20230519/fe28435acbfe8aa578c755aff8f2b039.jpg" width="670" height="168"></p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone size-full wp-image-10778" src="https://zhuji.jb51.net/uploads/img/20230519/9279f4e48f56a2e8015a5d44a7ecc6dc.jpg" width="212" height="258"></p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10779" src="https://zhuji.jb51.net/uploads/img/20230519/f99465d655760b5220f4cf09dbc07d74.jpg" width="670" height="161"></p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone size-full wp-image-10780" src="https://zhuji.jb51.net/uploads/img/20230519/8c02965e3b0b90b7f37fcdfd6ee4a4ec.jpg" width="203" height="134"></p>
<h3>布尔查询</h3>
<p>布尔运算符(AND,OR,NOT)允许通过逻辑运算符组合多个子查询。</p>
<p>运算符AND/OR/NOT必须大写。</p>
<p>NOT type: mysql</p>
<p>mysql.method: SELECT AND mysql.size: </p>
<p>(mysql.method: INSERT OR mysql.method: UPDATE) AND responsetime: </p>
<h3>创建过滤器</h3>
<p>可通过单击可视化中的元素进行筛选。</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10781" src="https://zhuji.jb51.net/uploads/img/20230519/bd4e878775ff4e71a14607051d5522d8.jpg" width="670" height="341"></p>
<p>绿色filter for value 红色filter out value。</p>
<p><img title="ELK kibana查询与过滤(17th)" class="alignnone wp-image-10782" src="https://zhuji.jb51.net/uploads/img/20230519/799d241864e08ece33019876b76a303d.jpg" width="670" height="230"></p>
頁:
[1]