Kibana Configuration in Detail
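Kibana configuration files
Kibana's main configuration files are located in the $KIBANA_HOME/config/ directory and include:
- kibana.yml: the main configuration file
- kibana.keystore: the keystore file for secrets
- log4j2.properties: the logging configuration file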
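kibana.yml settings in detail
1. Server settings
Basic server settings:
# Server port
server.port: 5601
# Server host (0.0.0.0 listens on all interfaces)
server.host: "0.0.0.0"
# Server name
server.name: "kibana-server"
# Maximum request payload size in bytes
server.maxPayloadBytes: 1048576
# Whether Kibana rewrites requests that are prefixed with server.basePath
server.rewriteBasePath: false
# Start listening for connections automatically (this is not a brute-force protection)
server.autoListen: true
Base path settings:
# Base path (used behind a reverse proxy)
server.basePath: ""
# Redirect to the base path
server.redirectBasePathOnRootIfNotAbsolute: false
# Public base URL
server.publicBaseUrl: "http://localhost:5601"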
2. Elasticsearch settings
Connection settings:
# Elasticsearch host list
elasticsearch.hosts: ["http://localhost:9200"]
# Request timeout (ms)
elasticsearch.requestTimeout: 30000
# Ping timeout (ms)
elasticsearch.pingTimeout: 1500
# Maximum number of retries
elasticsearch.maxRetries: 3
# Client request headers forwarded to Elasticsearch
elasticsearch.requestHeadersWhitelist: ["authorization", "x-forwarded-for"]
SSL settings:
# Enable SSL with full certificate verification
elasticsearch.ssl.verificationMode: full
elasticsearch.ssl.certificateAuthorities: ["/path/to/ca.crt"]
elasticsearch.ssl.certificate: "/path/to/client.crt"
elasticsearch.ssl.key: "/path/to/client.key"
elasticsearch.ssl.keyPassphrase: "password"
# Skip SSL certificate verification (testing only; use instead of the "full" line above, never alongside it)
# elasticsearch.ssl.verificationMode: none
Authentication settings:
# Username and password authentication
elasticsearch.username: "kibana_system"
elasticsearch.password: "${KIBANA_PASSWORD}"
# API key authentication
elasticsearch.apiKey: "KnR6yE424rJTToNJAkYn:VQ2BTjy_JTAd_NbzRqGFmw"
3. Path settings
# Data path
path.data: /var/lib/kibana
# Log path
path.logs: /var/log/kibana
# Plugin path
path.plugins: /usr/share/kibana/plugins
# Configuration path
path.conf: /etc/kibana
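4. Performance settings
Memory settings:
# cgroup CPU overrides (these keys do not set the Node.js memory limit)
ops.cGroupOverrides.cpuQuota: 1
ops.cGroupOverrides.cpuPeriod: 100000
ops.cGroupOverrides.cpuShares: 1024
Cache settings:
# Index pattern cache timeout
indexPattern:cache:timeout: 60000
# Search cache timeout
search.cache:timeout: 300000
Concurrency settings:
# Maximum number of concurrent connections
server.maxConnections: 1000
# Maximum number of event listeners
server.maxEventListeners: 100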
5. Security settings
SSL/TLS settings:
# Enable SSL
server.ssl.enabled: true
server.ssl.certificate: /path/to/server.crt
server.ssl.key: /path/to/server.key
server.ssl.certificateAuthorities: ["/path/to/ca.crt"]
server.ssl.keyPassphrase: "password"
server.ssl.cipherSuites: ["TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"]
# Allow TLS 1.2 and 1.3 only (TLS 1.1 is deprecated by RFC 8996)
server.ssl.supportedProtocols: ["TLSv1.2", "TLSv1.3"]
Session settings:
# Session encryption key
xpack.security.encryptionKey: "something_at_least_32_characters"
# Session timeouts
xpack.security.session.idleTimeout: "1h"
xpack.security.session.lifespan: "30d"
# Interval at which expired sessions are cleaned up
xpack.security.session.cleanupInterval: "1h"
Audit logging settings:
# Root log level
logging.root.level: debug
# File appender that writes JSON to the audit log
logging.appenders.audit-appender.type: file
logging.appenders.audit-appender.fileName: /var/log/kibana/audit.log
logging.appenders.audit-appender.layout.type: json
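6. User interface settings
Default application settings:
# Default application
kibana.defaultAppId: "home"
# Index where Kibana stores its saved objects
kibana.index: ".kibana"
# Default time range
timepicker:timeDefaults:
  from: 'now-15m'
  to: 'now'
  mode: 'quick'
Time zone settings:
# Default time zone
dateFormat:tz: "Asia/Shanghai"
# Date format
dateFormat: "YYYY-MM-DD HH:mm:ss"
Theme settings:
# Dark theme
theme:darkMode: true
# Page title
server.pageTitle: "My Kibana"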
7. Plugin settings
Installed plugins:
# Directories scanned for plugins
plugins.scanDirs: [/usr/share/kibana/plugins]
plugins.initialize: true
# Plugin initialization timeout
plugins.initializeTimeout: 60000
Settings for specific plugins:
# APM plugin settings
xpack.apm.enabled: true
xpack.apm.ui.enabled: true
# Machine learning plugin settings
xpack.ml.enabled: true
# SIEM plugin settings
xpack.siem.enabled: true
# Basic monitoring plugin settings
xpack.monitoring.enabled: true
xpack.monitoring.ui.enabled: true
xpack.monitoring.ui.container.elasticsearch.enabled: true
The kibana.keystore secrets store
1. Creating the keystore
# Create the keystore
./bin/kibana-keystore create
# Add keys
./bin/kibana-keystore add elasticsearch.password
./bin/kibana-keystore add elasticsearch.username
./bin/kibana-keystore add server.ssl.keyPassphrase
2. Managing keys
# List all keys
./bin/kibana-keystore list
# Remove a key
./bin/kibana-keystore remove elasticsearch.password
# Show a key's value
./bin/kibana-keystore show elasticsearch.username
log4j2.properties logging configuration
1. Log level settings
# Root log level
rootLogger.level = info
# Per-package log levels
logger.elasticsearch.name = elasticsearch
logger.elasticsearch.level = debug
logger.server.name = server
logger.server.level = info
logger.plugins.name = plugins
logger.plugins.level = warn
2. Appender settings
# Console output
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %m%n
# File output
appender.rolling.type = RollingFile
appender.rolling.name = rolling-file-appender
appender.rolling.fileName = ${sys:kibana.log}/kibana.log
appender.rolling.filePattern = ${sys:kibana.log}/kibana-%d{yyyy-MM-dd}-%i.log.gz
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %m%n
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 100MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.max = 10
Advanced configuration options
1. Network settings
# Proxy settings
elasticsearch.customHeaders:
  x-forwarded-for: "true"
  x-forwarded-proto: "https"
# Response header settings
server.customResponseHeaders:
  X-Content-Type-Options: "nosniff"
  X-Frame-Options: "DENY"
  X-XSS-Protection: "1; mode=block"
2. Index settings
# Maximum size in bytes of a saved-objects import payload
savedObjects.maxImportPayloadBytes: 26214400
# Index pattern refresh interval
indexPattern:refreshInterval: 60000
# Index pattern placeholder
indexPattern:placeholder: "logstash-*"
3. Search settings
# Search timeouts
elasticsearch.shardTimeout: 30000
elasticsearch.requestTimeout: 300000
# Search pagination limit
savedObjects.maxSearchSize: 10000
# Scroll search settings
elasticsearch.scroll.size: 1000
elasticsearch.scroll.ttl: "1m"
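Performance tuning settings
1. Memory tuning
# Node.js memory limit (a Node.js option, for example via NODE_OPTIONS; not a kibana.yml key)
--max-old-space-size=4096
# Maximum request payload size in bytes
server.maxPayloadBytes: 2097152
2. Cache tuning
# Index pattern cache
indexPattern:cache:timeout: 120000
# Search result cache
search.cache:timeout: 600000
# Visualization cache
visualization:cache:timeout: 300000
3. Network tuning
# Connection pool settings
elasticsearch.maxSockets: 100
elasticsearch.compression: true
# Request timeout settings
elasticsearch.requestTimeout: 60000
elasticsearch.pingTimeout: 3000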
Security configuration best practices
1. SSL/TLS settings
# Enable SSL
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
server.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]
# Force redirection from HTTP to HTTPS
server.ssl.redirectHttpFromPort: 80
2. Authentication settings
# Enable security features
xpack.security.enabled: true
# Set the encryption key
xpack.security.encryptionKey: "something_at_least_32_characters"
# Configure session management
xpack.security.session.idleTimeout: "1h"
xpack.security.session.lifespan: "30d"
3. Access control
# Configure CORS
server.cors: true
# List explicit origins (placeholder below); a "*" wildcard must not be combined with credentials
server.cors.origin: ["https://kibana.example.com"]
server.cors.credentials: true
server.cors.methods: ["HEAD", "GET", "POST", "PUT", "DELETE"]
server.cors.headers: ["Authorization", "X-Requested-With", "Content-Type", "Content-Length"]
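The weakening values that come up with these settings (disabled certificate verification, deprecated TLS versions, a wildcard CORS origin together with credentials, secrets written in plain text) can be checked mechanically before a kibana.yml is deployed. The following Python audit is an added example, not part of the original article or of Kibana; the sample input is constructed, the key names are used as this page writes them, and `parse_flat` and `audit` are hypothetical helper names.

```python
import json
import re

# Constructed sample input, written with the key names used on this page.
SAMPLE = '''\
server.host: "0.0.0.0"
server.ssl.enabled: true
server.ssl.supportedProtocols: ["TLSv1.1", "TLSv1.2", "TLSv1.3"]
server.ssl.keyPassphrase: "password"
elasticsearch.ssl.verificationMode: none
elasticsearch.password: "${KIBANA_PASSWORD}"
xpack.security.encryptionKey: "something_at_least_32_characters"
server.cors.origin: ["*"]
server.cors.credentials: true
'''
SECRET_KEY = re.compile(r"(password|keyPassphrase|apiKey|encryptionKey)$")

def parse_flat(text):
    """Parse flat 'dotted.key: value' lines (hypothetical helper; nested YAML is out of scope)."""
    settings = {}
    for line in text.splitlines():
        key, sep, raw = line.strip().partition(": ")
        if not sep or key.startswith("#"):
            continue
        try:
            settings[key] = json.loads(raw)  # quoted strings, lists, booleans, numbers
        except ValueError:
            settings[key] = raw              # bare words such as none or /path/to/file
    return settings

def audit(settings):
    """Return {key: reason} for settings that weaken the deployment."""
    findings = {}
    if settings.get("elasticsearch.ssl.verificationMode") == "none":
        findings["elasticsearch.ssl.verificationMode"] = "certificate verification is disabled"
    weak = {"TLSv1", "TLSv1.1"} & set(settings.get("server.ssl.supportedProtocols", []))
    if weak:
        findings["server.ssl.supportedProtocols"] = "deprecated: " + ", ".join(sorted(weak))
    if "*" in settings.get("server.cors.origin", []) and settings.get("server.cors.credentials") is True:
        findings["server.cors.origin"] = "wildcard origin combined with credentials"
    if settings.get("server.host") == "0.0.0.0" and settings.get("server.ssl.enabled") is not True:
        findings["server.host"] = "listens on all interfaces without TLS"
    for key, value in settings.items():
        if SECRET_KEY.search(key) and isinstance(value, str) and not value.startswith("${"):
            findings[key] = "secret in plain text; store it with kibana-keystore"
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_flat(SAMPLE)).items():
        print(f"{key}: {reason}")
```

A value written as an environment reference such as "${KIBANA_PASSWORD}" is not reported, and indented (nested) keys are skipped by this flat parser.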
Monitoring and debugging settings
1. Monitoring settings
# Enable monitoring
xpack.monitoring.enabled: true
xpack.monitoring.ui.enabled: true
# Monitoring collection interval
xpack.monitoring.collection.interval: 10000
# Monitoring logs
logging.loggers:
  - name: monitoring
    level: debug
2. Debug settings
# Debug log level
logging.root.level: debug
# Debugging specific modules
logging.loggers:
  - name: elasticsearch
    level: debug
  - name: server
    level: debug
3. Performance monitoring
# Interval (ms) at which performance metrics are sampled
ops.interval: 5000
# cgroup CPU overrides
ops.cGroupOverrides.cpuQuota: 1
ops.cGroupOverrides.cpuPeriod: 100000
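Common configuration problems
1. Connection problems
# Problem: cannot connect to Elasticsearch
# Fix: check the connection settings
elasticsearch.hosts: ["http://elasticsearch-host:9200"]
elasticsearch.requestTimeout: 60000
# Problem: SSL certificate verification fails
# Fix: configure SSL or disable verification
elasticsearch.ssl.verificationMode: certificate
# Or (testing only; use instead of the line above, never alongside it)
# elasticsearch.ssl.verificationMode: none
2. Memory problems
# Problem: not enough memory
# Fix: adjust the Node.js memory limit
--max-old-space-size=2048
# Problem: heap memory overflow
# Fix: optimize queries and caching
search.cache:timeout: 60000
3. Security problems
# Problem: authentication fails
# Fix: check the authentication settings
elasticsearch.username: "kibana_system"
elasticsearch.password: "${KIBANA_PASSWORD}"
# Problem: SSL misconfiguration
# Fix: check the certificate paths and passphrase
server.ssl.certificate: /path/to/server.crt
server.ssl.key: /path/to/server.key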
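Summary
Kibana configuration management covers server settings, the Elasticsearch connection, security settings, performance tuning and more. Configuring each parameter sensibly keeps Kibana running stably and performing well. In practice, adjust and tune the configuration to your specific requirements and environment, and pay attention to the security and monitoring settings to keep the system reliable and maintainable.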