Kibana User Guide [4.2] » Using Kibana in a Production Environment

Using Kibana in a Production Environment

在生成环境使用Kibana

Using Kibana in a Production Environment

On this page

Configuring
Kibana to Work with Shield

Enabling
SSL

Controlling
access

Load
Balancing Across Multiple Elasticsearch Nodes

Kibana
Reference:
master4.2 (current)
4.14.0
3.0

Introduction

Getting
Kibana Up and Running

Getting
Started with Kibana

Kibana
Plugins

Accessing
Kibana

Discover

Visualize

Dashboard

Settings

Using
Kibana in a Production Environment

Kibana
4.2 Release Notes

Configuring
Kibana to Work with Shield 配置Kibana在保护下工作

Enabling
SSL 使SSL工作

Controlling
Access 控制入口

Load
Balancing Across Multiple Elasticsearch Nodes 在多ES节点间加载平衡

How you deploy Kibana largely depends on your use case. If you are the only user, you can run Kibana on your local machine and configure it to point to whatever Elasticsearch instance you want to interact with. Conversely, if you have a large number of heavy
Kibana users, you might need to load balance across multiple Kibana instances that are all connected to the same Elasticsearch instance.

你怎么使用Kibana很大程度上依赖你的应用案例。如果你是唯一的一个用户，你可以在本地机器上运行Kibana，配置它和和ES例子协同即可。相反的，如果你有很多用户，你应该考虑众多连接到ES例子上的Kibana例子间的平衡。

While Kibana isn’t terribly resource intensive, we still recommend running Kibana separate from your Elasticsearch data or master nodes. To distribute Kibana traffic across the nodes in your Elasticsearch cluster, you can run Kibana and an Elasticsearch client
node on the same machine. For more information, see Load
Balancing Across Multiple Elasticsearch Nodes.

当Kibana不需要增强资源时，我们仍然推荐运行Kibana时，和ES节点或主节点分开。为了分配ES簇节点间的Kibana链路，你可以在同一台机器上运行Kibana和一个ES请求节点。关于更多信息，查看：Load
Balancing Across Multiple Elasticsearch Nodes。

Configuring
Kibana to Work with Shield 配置Kibana在保护下工作

If you are using Shield to authenticate Elasticsearch users, you need to provide the Kibana server with credentials so it can access the

.kibana

index
and monitor the cluster.

如果你在使用Shield来证实ES用户，你需要给Kibana服务器提供信任说明，让它能够接受.kibana索引并监视集群。

To configure credentials for the Kibana server: 为Kibana服务器配置信任说明

Assign the

kibana4_server

role
to a user in Shield. For more information, see Configuring
a Role for the Kibana 4 Server in the Shield documentation. 在Shield中，把

kibana4_server

角色设定为用户。关于更多信息，查看Shield文档中的：Configuring
a Role for the Kibana 4 Server。

Set the

kibana_elasticsearch_username

and

kibana_elasticsearch_password

properties
in

kibana.yml

to
specify the credentials of the user you assigned the

kibana4_server

role:
在kibana.yml中，设置kibana_elasticsearch_username和kibana_elasticsearch_password特性，来指定你在kibana4_server角色中分派的用户信任说明。

kibana_elasticsearch_username: kibana4-user
kibana_elasticsearch_password: kibana4-password

Kibana 4 users also need access to the

.kibana

index
so they can save and load searches, visualizations, and dashboards. For more information, see Configuring
Roles for Kibana 4 Users in the Shield documentation.

Kibana 4 用户也需要访问.kibana索引，所以他们可以保存和加载搜索、可视化和仪表盘。关于更多信息，可以查看Shield文档中的Configuring
Roles for Kibana 4 Users。

See Kibana
and Elasticsearch Dynamic Mapping for important information on Kibana and the dynamic mapping feature in Elasticsearch.

关于Kibana的重要信息和ES动态映射特性，可以查看：Kibana
and Elasticsearch Dynamic Mapping。

Enabling
SSL 使SSL工作

Kibana supports SSL encryption for both client requests and the requests the Kibana server sends to Elasticsearch.

Kibana支持SSL加密，包括客户端请求和Kibana发送给ES的请求。

To encrypt communications between the browser and the Kibana server, you configure the

ssl_key_file

and

ssl_cert_file

properties
in

kibana.yml

:

为了加密浏览器和Kibana服务器的通信，你可以配置kibana.yml中ssl_key_file的和ssl_cert_file。

# SSL for outgoing requests from the Kibana Server (PEM formatted)
server.ssl.key: /path/to/your/server.key
server.ssl.cert: /path/to/your/server.crt

If you are using Shield or a proxy that provides an HTTPS endpoint for Elasticsearch, you can configure Kibana to access Elasticsearch via HTTPS so communications between the Kibana server and Elasticsearch are encrypted.

如果你在使用Shield或代理给ES提供HTTPS终点，你可以通过HTTPS配置Kibana来访问ES，以至于Kibana和ES之间的通信是加密的。

To do this, you specify the HTTPS protocol when you configure the Elasticsearch URL in

kibana.yml

:

为了做这个，当你配置kibana.yml中的ES的URL时，你要指定HTTPS协议：

elasticsearch: "https://<your_elasticsearch_host>.com:9200"

If you are using a self-signed certificate for Elasticsearch, set the

ca

property
in

kibana.yml

to
specify the location of the PEM file. Setting the

ca

property
lets you leave the

verify_ssl

option
enabled.

如果你在为ES使用自己签名的正说，在kibana.yml中设置ca特权，来确认PEM文件的位置。设置ca权限，让你能够激活verify_ssl选择权。

# If you need to provide a CA certificate for your Elasticsearch instance, put
# the path of the pem file here.
ca: /path/to/your/ca/cacert.pem

Controlling
access 控制入口（访问）

You can use Elasticsearch
Shield (Shield) to control what Elasticsearch data users can access through Kibana. Shield provides index-level access control. If a user isn’t authorized to run the query that populates a Kibana visualization, the user just sees an empty visualization.

你可以使用Elasticsearch
Shield 控制使用者通过Kibana访问的ES数据。Shield提供了索引层面的访问控制。如果一个用户未经授权，而想访问Kibana可视化结果，那么他看到的将是空的可视化。

To configure access to Kibana using Shield, you create Shield roles for Kibana using the

kibana4

default
role as a starting point. For more information, see Using
Kibana 4 with Shield.

为了配置使用Shield对Kibana 的访问，你可以在启动端，使用Kibana4默认角色，为Kibana创建Shield角色。关于更多信息，参考：Using
Kibana 4 with Shield。

Load
Balancing Across Multiple Elasticsearch Nodes 在多ES节点间加载平衡

If you have multiple nodes in your Elasticsearch cluster, the easiest way to distribute Kibana requests across the nodes is to run an Elasticsearch client node
on the same machine as Kibana. Elasticsearch client nodes are essentially smart load balancers that are part of the cluster. They process incoming HTTP requests, redirect operations to the other nodes in the cluster as needed, and gather and return the results.
For more information, see Node in
the Elasticsearch reference.

如果你的ES集群中有多个节点，在节点间，最简单分配Kibana请求的方式，是在同样的机器上，作为Kibana，运行一个ES客户端节点。ES客户端节点本质上是只能加载平衡，是集群的一部分。他们处理进来的HTTP请求，重定向到其他节点的操作是集群需要的，还要收集和返回结果。关于更多信息，可以参考ES指导中的Node。

To use a local client node to load balance Kibana requests:

使用本地请求节点来加载Kibana请求：

Install Elasticsearch on the same machine as Kibana. 在Kibana同名机器上安装Kibana。

Configure the node as a client node. In

elasticsearch.yml

,
set both

node.data

and

node.master

to

false

:
配置节点成为请求节点。在elasticsearch.yml中，把node.data和node.master设置成false。

# 3. You want this node to be neither master nor data node, but
#    to act as a "search load balancer" (fetching data from nodes,
#    aggregating results, etc.)
#
node.master: false
node.data: false

Configure the client node to join your Elasticsearch cluster. In

elasticsearch.yml

,
set the

cluster.name

to
the name of your cluster. 配置请求节点，来加入你的ES集群。在elasticsearch.yml中，设置luster.name成你集群的名字。

cluster.name: "my_cluster"

Make sure Kibana is configured to point to your local client node. In

kibana.yml

,
the

elasticsearch_url

should
be set to

localhost:9200

.
确保Kibana配置指向你本地客户端节点。在kibana.yml中，

elasticsearch_url

应该被设置成localhost:9200。

# The Elasticsearch instance to use for all your queries.
elasticsearch_url: "http://localhost:9200"

备注：

材料来自elastic官网。

原文地址：
https://www.elastic.co/guide/en/kibana/current/production.html