Connect to Kibana

Updated at:
Copy as MD

If you already use Kibana to visualize Elasticsearch log data and want to migrate to Simple Log Service (SLS), you can use the SLS Elasticsearch-compatible API without modifying your business code.

Important

This document is an original work and the intellectual property of Alibaba Cloud. It describes the capabilities of Alibaba Cloud to interact with third-party products and may reference third-party companies or products.

Prerequisites

  • A project and a Standard logstore are created, and logs are collected. For more information, see Manage projects, Create a basic Logstore, and Data collection.

  • Indexes are created before you query logs. For more information, see Create indexes.

  • An AccessKey pair is created for the RAM user, and the required permissions to query logs in logstores are granted to the RAM user. For more information, see RAM authorization.

Background information

Kibana is an open-source data visualization and exploration tool built on Elasticsearch. Simple Log Service provides an Elasticsearch-compatible API that lets you query and analyze log data in Simple Log Service directly from Kibana.

How it works

Deploy Kibana, a proxy, and Elasticsearch in your client environment.

  • Kibana: Queries, analyzes, and visualizes data.

  • Elasticsearch: Stores Kibana metadata, primarily low-volume configuration data.

    Kibana metadata requires frequent updates, but Simple Log Service does not support updates. Therefore, deploy a dedicated Elasticsearch instance to store Kibana metadata.

  • proxy: Routes API requests to either the local Elasticsearch instance (for Kibana metadata) or the Elasticsearch-compatible API of Simple Log Service (for log data).

image

Step 1: Deploy Elasticsearch, Kibana, and a proxy

Important
  • The server should have at least 8 GB of memory.

  • The Docker version must be 1.18 or later.

Docker Compose

  1. On the server, create a new directory named sls-kibana. In the sls-kibana directory, create a subdirectory named data. Change the permissions of the data directory to ensure that the Elasticsearch container has read, write, and execute permissions for this directory.

    mkdir sls-kibana
    
    cd sls-kibana
    
    mkdir data
    chmod 777 data 
  2. In the sls-kibana directory, create a .env file with the following content. Modify the parameters to match your settings.

    ES_PASSWORD=aStrongPassword  # Change the password based on your requirements.
    
    SLS_ENDPOINT=cn-huhehaote.log.aliyuncs.com
    SLS_PROJECT=etl-dev-7494ab****
    SLS_ACCESS_KEY_ID=xxx
    SLS_ACCESS_KEY_SECRET=xxx
    # ECS_ROLE_NAME="" # If you use an ECS instance RAM role for access, specify the role name here.
    #SLS_PROJECT_ALIAS=etl-dev # Optional. If the SLS_PROJECT name is too long, you can set an alias.
    #SLS_LOGSTORE_FILTERS="access*" # Optional. Specifies the Logstores for which index patterns are automatically created. Separate multiple patterns with a comma (,) and enclose the value in double quotation marks ("). Example: "access*,error*".
    #KIBANA_SPACE=default # Optional. Specifies the space in which to create the index pattern. If the space does not exist, it is automatically created.
    
    # You can add more projects. If you add more than six projects, you must also reference them in the docker-compose.yml file.
    #SLS_ENDPOINT2=cn-huhehaote.log.aliyuncs.com
    #SLS_PROJECT2=etl-dev2
    #SLS_ACCESS_KEY_ID2=xxx
    #SLS_ACCESS_KEY_SECRET2=xxx
    #SLS_PROJECT_ALIAS2=etl-dev2 # Optional. If the SLS_PROJECT name is too long, you can set an alias.
    #SLS_LOGSTORE_FILTERS2="test*log" # Optional. Specifies the Logstores for which index patterns are automatically created. Separate multiple patterns with a comma (,) and enclose the value in double quotation marks ("). Example: "access*,error*".
    #KIBANA_SPACE2=default # Optional. Specifies the space in which to create the index pattern. If the space does not exist, it is automatically created.

    Parameter

    Description

    ES_PASSWORD

    The password for both Elasticsearch and Kibana.

    ECS_ROLE_NAME

    The name of the ECS instance RAM role. For details on the required permissions, see RAM authorization.

    SLS_ENDPOINT

    The endpoint of the project. For details, see Manage projects.

    SLS_PROJECT

    The name of the Simple Log Service project. For details, see Manage projects.

    SLS_ACCESS_KEY_ID

    The AccessKey ID of the RAM user created in the Prerequisites section. This user must have permission to query data in the Logstore. For details, see RAM authorization.

    SLS_ACCESS_KEY_SECRET

    The AccessKey secret of the RAM user created in the Prerequisites section. This user must have permission to query data in the Logstore. For details, see RAM authorization.

    SLS_PROJECT_ALIAS

    Optional. If the SLS_PROJECT name is too long, you can set an alias.

    SLS_LOGSTORE_FILTERS

    Optional. Specifies the Logstores for which index patterns are automatically created. Separate multiple patterns with commas and enclose the entire value in double quotation marks. Example: "access*,error*".

    KIBANA_SPACE

    Optional. Specifies the space in which to create the index pattern. If the space does not exist, the system creates it automatically.

  3. In the sls-kibana directory, create a docker-compose.yaml file with the following content.

    services:
      es:
        image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/elasticsearch:7.17.26
        #image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/elasticsearch:7.17.26-arm64
        environment:
          - "discovery.type=single-node"
          - "ES_JAVA_OPTS=-Xms2G -Xmx2G"
          - ELASTIC_USERNAME=elastic
          - ELASTIC_PASSWORD=${ES_PASSWORD}
          - xpack.security.enabled=true
        volumes:
          # Make sure that you have created the ./data directory and granted permissions by running `mkdir data && chmod 777 data`.
          - ./data:/usr/share/elasticsearch/data
      kproxy:
        image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8
        #image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8-arm64
        depends_on:
          - es
        environment:
          - ES_ENDPOINT=es:9200
    
          - ECS_ROLE_NAME=${ECS_ROLE_NAME}
          # The first Simple Log Service project.
          - SLS_ENDPOINT=${SLS_ENDPOINT}
          - SLS_PROJECT=${SLS_PROJECT}
          - SLS_LOGSTORE_FILTERS=${SLS_LOGSTORE_FILTERS}
          - KIBANA_SPACE=${KIBANA_SPACE}
          - SLS_PROJECT_ALIAS=${SLS_PROJECT_ALIAS}
          - SLS_ACCESS_KEY_ID=${SLS_ACCESS_KEY_ID}
          - SLS_ACCESS_KEY_SECRET=${SLS_ACCESS_KEY_SECRET}
    
          # The second Simple Log Service project.
          - SLS_ENDPOINT2=${SLS_ENDPOINT2}
          - SLS_PROJECT2=${SLS_PROJECT2}
          - SLS_LOGSTORE_FILTERS2=${SLS_LOGSTORE_FILTERS2}
          - KIBANA_SPACE2=${KIBANA_SPACE2}
          - SLS_PROJECT_ALIAS2=${SLS_PROJECT_ALIAS2}
          - SLS_ACCESS_KEY_ID2=${SLS_ACCESS_KEY_ID2}
          - SLS_ACCESS_KEY_SECRET2=${SLS_ACCESS_KEY_SECRET2}
    
          - SLS_ENDPOINT3=${SLS_ENDPOINT3}
          - SLS_PROJECT3=${SLS_PROJECT3}
          - SLS_LOGSTORE_FILTERS3=${SLS_LOGSTORE_FILTERS3}
          - KIBANA_SPACE3=${KIBANA_SPACE3}
          - SLS_PROJECT_ALIAS3=${SLS_PROJECT_ALIAS3}
          - SLS_ACCESS_KEY_ID3=${SLS_ACCESS_KEY_ID3}
          - SLS_ACCESS_KEY_SECRET3=${SLS_ACCESS_KEY_SECRET3}
    
          - SLS_ENDPOINT4=${SLS_ENDPOINT4}
          - SLS_PROJECT4=${SLS_PROJECT4}
          - SLS_LOGSTORE_FILTERS4=${SLS_LOGSTORE_FILTERS4}
          - KIBANA_SPACE4=${KIBANA_SPACE4}
          - SLS_PROJECT_ALIAS4=${SLS_PROJECT_ALIAS4}
          - SLS_ACCESS_KEY_ID4=${SLS_ACCESS_KEY_ID4}
          - SLS_ACCESS_KEY_SECRET4=${SLS_ACCESS_KEY_SECRET4}
    
          - SLS_ENDPOINT5=${SLS_ENDPOINT5}
          - SLS_PROJECT5=${SLS_PROJECT5}
          - SLS_LOGSTORE_FILTERS5=${SLS_LOGSTORE_FILTERS5}
          - KIBANA_SPACE5=${KIBANA_SPACE5}
          - SLS_PROJECT_ALIAS5=${SLS_PROJECT_ALIAS5}
          - SLS_ACCESS_KEY_ID5=${SLS_ACCESS_KEY_ID5}
          - SLS_ACCESS_KEY_SECRET5=${SLS_ACCESS_KEY_SECRET5}
    
          - SLS_ENDPOINT6=${SLS_ENDPOINT6}
          - SLS_PROJECT6=${SLS_PROJECT6}
          - SLS_LOGSTORE_FILTERS6=${SLS_LOGSTORE_FILTERS6}
          - KIBANA_SPACE6=${KIBANA_SPACE6}
          - SLS_PROJECT_ALIAS6=${SLS_PROJECT_ALIAS6}
          - SLS_ACCESS_KEY_ID6=${SLS_ACCESS_KEY_ID6}
          - SLS_ACCESS_KEY_SECRET6=${SLS_ACCESS_KEY_SECRET6}
          # You can add more projects, up to a maximum of 255.
      kibana:
        image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kibana:7.17.26
        #image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kibana:7.17.26-arm64
        depends_on:
          - kproxy
        environment:
          - ELASTICSEARCH_HOSTS=http://kproxy:9201
          - ELASTICSEARCH_USERNAME=elastic
          - ELASTICSEARCH_PASSWORD=${ES_PASSWORD}
          - XPACK_MONITORING_UI_CONTAINER_ELASTICSEARCH_ENABLED=true
        ports:
          - "5601:5601"
    
      # This service component is optional. It automatically creates Kibana index patterns.
      index-patterner:
        image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8
        #image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8-arm64
        command: /usr/bin/python3 -u /workspace/create_index_pattern.py
        depends_on:
          - kibana
        environment:
          - KPROXY_ENDPOINT=http://kproxy:9201
          - KIBANA_ENDPOINT=http://kibana:5601
          - KIBANA_USER=elastic
          - KIBANA_PASSWORD=${ES_PASSWORD}
    
          - ECS_ROLE_NAME=${ECS_ROLE_NAME}
    
          - SLS_PROJECT_ALIAS=${SLS_PROJECT_ALIAS}
          - SLS_ACCESS_KEY_ID=${SLS_ACCESS_KEY_ID}
          - SLS_ACCESS_KEY_SECRET=${SLS_ACCESS_KEY_SECRET}
    
          - SLS_PROJECT_ALIAS2=${SLS_PROJECT_ALIAS2}
          - SLS_ACCESS_KEY_ID2=${SLS_ACCESS_KEY_ID2}
          - SLS_ACCESS_KEY_SECRET2=${SLS_ACCESS_KEY_SECRET2}
    
          - SLS_PROJECT_ALIAS3=${SLS_PROJECT_ALIAS3}
          - SLS_ACCESS_KEY_ID3=${SLS_ACCESS_KEY_ID3}
          - SLS_ACCESS_KEY_SECRET3=${SLS_ACCESS_KEY_SECRET3}
    
          - SLS_PROJECT_ALIAS4=${SLS_PROJECT_ALIAS4}
          - SLS_ACCESS_KEY_ID4=${SLS_ACCESS_KEY_ID4}
          - SLS_ACCESS_KEY_SECRET4=${SLS_ACCESS_KEY_SECRET4}
    
          - SLS_PROJECT_ALIAS5=${SLS_PROJECT_ALIAS5}
          - SLS_ACCESS_KEY_ID5=${SLS_ACCESS_KEY_ID5}
          - SLS_ACCESS_KEY_SECRET5=${SLS_ACCESS_KEY_SECRET5}
    
          - SLS_PROJECT_ALIAS6=${SLS_PROJECT_ALIAS6}
          - SLS_ACCESS_KEY_ID6=${SLS_ACCESS_KEY_ID6}
          - SLS_ACCESS_KEY_SECRET6=${SLS_ACCESS_KEY_SECRET6}
    
          # You can add more projects, up to a maximum of 255.
  4. Run the following command to start the services.

    docker compose up -d
  5. Run the following command to check the service status.

    docker compose ps
  6. After the deployment is complete, enter http://${IP address of the server where Kibana is deployed}:5601 in your browser to access the Kibana login page. Log in with the username elastic and the password you configured in the .env file.

    Important

    You must add port 5601 to the security group rules for the server. For more information, see Add a security group rule.

    http://${IP address of the server where Kibana is deployed}:5601

    image

Helm

Prerequisites

Ensure your Container Service for Kubernetes (ACK) cluster has the following components installed. To view installed components, see Manage components.

Procedure

  1. Create a namespace.

    # Create a namespace.
    kubectl create namespace sls-kibana
  2. Create and edit a values.yaml file with the following content. Modify the parameters to match your settings.

    kibana:
      ingressClass: nginx # Modify the value based on the installed Ingress controller.
      # To find this value, go to the Components page of your ACK cluster and search for Ingress.
      # For ALB Ingress Controller, set the value to alb.
      # For MSE Ingress Controller, set the value to mse.
      # For Nginx Ingress Controller, set the value to nginx.
      ingressDomain: # This can be empty. If you want to access Kibana via a domain name, set this value.
      ingressPath: /kibana/ # Required. The subpath used to access Kibana.
      # If ingressDomain is not empty, you can set ingressPath to /.
      #i18nLocale: en # Sets the Kibana language. The default is English (en). To use Chinese, set the value to zh-CN.
    
    elasticsearch:
      password: aStrongPass  # Modify the Elasticsearch password based on your requirements. This is also the Kibana access password for the `elastic` user.
      #diskZoneId: cn-hongkong-c # Specifies the zone where the disk used by Elasticsearch resides. If not set, a zone is automatically selected.
    
    repository:
      region: cn-hangzhou
      # The region where the image is located. Set to cn-hangzhou for regions in mainland China and ap-southeast-1 for regions outside mainland China. The image is pulled over the public network.
    
    #kproxy:
    #  ecsRoleName:  # If you use an ECS instance RAM role for access, specify the role name.
    
    #arch: amd64 # amd64 or arm64. Default is amd64.
    
    sls:
      - project: k8s-log-c5****** # The Simple Log Service project.
        endpoint: cn-huhehaote.log.aliyuncs.com # The endpoint of the Simple Log Service project.
        accessKeyId: The AccessKey ID that has permissions to access Simple Log Service.
        accessKeySecret: The AccessKey secret that has permissions to access Simple Log Service.
      #  alias: etl-logs # Optional. If the project name is too long in Kibana, you can set an alias.
      #  kibanaSpace: default  # Optional. Specifies the space in which to create the index pattern. If the space does not exist, it is automatically created.
      #  logstoreFilters: "*" # Optional. Specifies the Logstores for which index patterns are automatically created. Separate multiple patterns with a comma (,) and enclose the value in double quotation marks ("). Example: "access*,error*".
    
      # To add a second project, use the same format as above.
      #- project: etl-dev2 # The Simple Log Service project.
      #  endpoint: cn-huhehaote.log.aliyuncs.com # The endpoint of the Simple Log Service project.
      #  accessKeyId: The AccessKey ID that has permissions to access Simple Log Service.
      #  accessKeySecret: The AccessKey secret that has permissions to access Simple Log Service.
      #  alias: etl-logs2 # Optional. If the project name is too long in Kibana, you can set an alias.
      #  kibanaSpace: default  # Optional. Specifies the space in which to create the index pattern. If the space does not exist, it is automatically created.
      #  logstoreFilters: "*" # Optional. Specifies the Logstores for which index patterns are automatically created. Separate multiple patterns with a comma (,) and enclose the value in double quotation marks ("). Example: "access*,error*".

    Parameter

    Description

    kibana.ingressClass

    Specify this parameter based on the Ingress controller that you installed. For details, see Manage components.

    • ALB Ingress Controller: set to alb.

    • MSE Ingress Controller: set to mse.

    • Nginx Ingress Controller: set to nginx.

    kibana.ingressDomain

    Optional. The domain name for accessing Kibana. This parameter is required if you want to use a domain name.

    repository.region

    The region where the image is located. Set to cn-hangzhou for regions in the Chinese mainland and ap-southeast-1 for regions outside the Chinese mainland. The image is pulled over the public network.

    kibana.ingressPath

    The subpath for accessing Kibana. If ingressDomain is not empty, you can set ingressPath to /.

    elasticsearch.password

    Modify the Elasticsearch password, which is also the logon password for Kibana. The Elasticsearch account is elastic.

    kproxy.ecsRoleName

    The name of the ECS instance RAM role used for access. For details on the required permissions, see RAM authorization.

    sls.project

    The name of the Simple Log Service project. For details, see Manage projects.

    sls.endpoint

    The endpoint of the project. For details, see Manage projects.

    sls.accessKeyId

    The AccessKey ID of the RAM user created in the Prerequisites section. This user must have permission to query data in the Logstore. For details, see RAM authorization.

    sls.accessKeySecret

    The AccessKey secret of the RAM user created in the Prerequisites section. This user must have permission to query data in the Logstore. For details, see RAM authorization.

    sls.alias

    Optional. If the project name is too long in Kibana, you can set an alias.

    sls.kibanaSpace

    Optional. Specifies the space in which to create the index pattern. If the space does not exist, the system creates it automatically.

    sls.logstoreFilters

    Optional. Specifies the Logstores for which to automatically create index patterns. Separate multiple patterns with commas and enclose the entire value in double quotation marks. Example: "access*,error*".

  3. Run the following command to deploy the services by using Helm.

    helm install sls-kibana https://sls-kproxy.oss-cn-hangzhou.aliyuncs.com/sls-kibana-1.5.7.tgz -f values.yaml --namespace sls-kibana
  4. After the deployment is complete, enter http://${ingress address}/kibana/ in your browser to access the Kibana login page. Log in with the username elastic and the password you configured in the values.yaml file.

    http://${ingress address}/kibana/ 

    image

Docker

Step 1: Deploy Elasticsearch

Important

To deploy services by using Docker, you must first install and start Docker. For details, see Install and use Docker and Docker Compose.

  1. Run the following commands on the server to deploy Elasticsearch.

    sudo docker pull sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/elasticsearch:7.17.26
    
    sudo mkdir /data  # The directory where Elasticsearch data is stored. Modify the path based on your requirements.
    sudo chmod 777 /data # Configure permissions.
    
    sudo docker run -d --name es -p 9200:9200 \
               -e "discovery.type=single-node" \
               -e "ES_JAVA_OPTS=-Xms2G -Xmx2G" \
               -e ELASTIC_USERNAME=elastic \
               -e ELASTIC_PASSWORD=passwd \
               -e xpack.security.enabled=true \
               -v /data:/usr/share/elasticsearch/data \
               sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/elasticsearch:7.17.26

    Parameter

    Description

    ELASTIC_USERNAME

    The username to log in to Elasticsearch. This is fixed to elastic.

    ELASTIC_PASSWORD

    The password to log in to Elasticsearch. The password must be a string.

    /data

    The data storage path for Elasticsearch on the host machine.

  2. After the deployment is complete, run the following command to verify that Elasticsearch is running. If you are using a public IP address, you must add a security group rule to the server to allow inbound traffic on port 9200. For details, see Add a security group rule.

    curl http://${IP address of the server where Elasticsearch is deployed}:9200

    A response containing security_exception indicates that Elasticsearch is deployed successfully.

    {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

Step 2: Deploy the proxy

When you connect Kibana to Simple Log Service, you can connect to one or more projects. Add the project information when you deploy the proxy.

Single project

sudo docker pull sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8

sudo docker run  -d --name proxy \
            -e ES_ENDPOINT=${IP address of the server where Elasticsearch is deployed}:9200 \
            -e SLS_ENDPOINT=https://prjA.cn-guangzhou.log.aliyuncs.com/es/ \
            -e SLS_PROJECT=prjA \
            -e SLS_ACCESS_KEY_ID=${aliyunAccessId} \
            -e SLS_ACCESS_KEY_SECRET=${aliyunAccessKey} \
            -p 9201:9201 \
            -ti sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8

Multiple projects

    Important
    • You can add up to 32 projects.

    • The base variable names (SLS_PROJECT, SLS_ENDPOINT, etc.) apply to the first project. For subsequent projects, append a numeric suffix to the variable names, such as SLS_PROJECT2 and SLS_ENDPOINT2.

    • If a subsequent project shares the same endpoint or AccessKey pair as the first project, you can omit those variables for that project.

sudo docker pull sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8

sudo docker run  -d --name proxy \
            -e ES_ENDPOINT=${IP address of the server where Elasticsearch is deployed}:9200 \
            -e SLS_ENDPOINT=https://prjA.cn-guangzhou.log.aliyuncs.com/es/ \
            -e SLS_ENDPOINT2=https://prjB.cn-guangzhou.log.aliyuncs.com/es/ \ 
            -e SLS_PROJECT=prjA \
            -e SLS_PROJECT2=prjB \
            -e SLS_ACCESS_KEY_ID=${aliyunAccessId} \ 
            -e SLS_ACCESS_KEY_SECRET=${aliyunAccessKey} \ 
            -e SLS_ACCESS_KEY_ID2=${aliyunAccessId} \ # If the value is the same as SLS_ACCESS_KEY_ID, you do not need to configure this variable.
            -e SLS_ACCESS_KEY_SECRET2=${aliyunAccessKey} \ # If the value is the same as SLS_ACCESS_KEY_SECRET, you do not need to configure this variable.
            -p 9201:9201 \
            -ti sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8
  • Example 1

    Connect to two projects (prjA and prjB) that use the same AccessKey pair.

    sudo docker pull sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8
    sudo docker run  -d --name proxy \
                -e ES_ENDPOINT=${IP address of the server where Elasticsearch is deployed}:9200 \
                -e SLS_ENDPOINT=https://prjA.cn-guangzhou.log.aliyuncs.com/es/ \
                -e SLS_ENDPOINT2=https://prjB.cn-guangzhou.log.aliyuncs.com/es/ \
                -e SLS_PROJECT=prjA \
                -e SLS_PROJECT2=prjB \
                -e SLS_ACCESS_KEY_ID=${aliyunAccessId} \
                -e SLS_ACCESS_KEY_SECRET=${aliyunAccessKey} \
                -p 9201:9201 \
                -ti sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8
  • Example 2

    Connect to three projects (prjA, prjB, and prjC), where prjA and prjC use the same AccessKey pair.

    sudo docker run  -d --name proxy \
                -e ES_ENDPOINT=${IP address of the server where Elasticsearch is deployed}:9200 \
                -e SLS_ENDPOINT=https://prjA.cn-guangzhou.log.aliyuncs.com/es/ \
                -e SLS_ENDPOINT2=https://prjB.cn-guangzhou.log.aliyuncs.com/es/ \
                -e SLS_ENDPOINT3=https://prjC.cn-guangzhou.log.aliyuncs.com/es/ \
                -e SLS_PROJECT=prjA \
                -e SLS_PROJECT2=prjB \
                -e SLS_PROJECT3=prjC \
                -e SLS_ACCESS_KEY_ID=${aliyunAccessId} \
                -e SLS_ACCESS_KEY_SECRET=${aliyunAccessKey} \
                -e SLS_ACCESS_KEY_ID2=${aliyunAccessId} \
                -e SLS_ACCESS_KEY_SECRET2=${aliyunAccessKey} \            
                -p 9201:9201 \
                -ti sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kproxy:2.1.8

The following table describes the parameters.

Parameter

Description

ES_ENDPOINT

The endpoint of Elasticsearch. Format: ${IP address of the server where Elasticsearch is deployed}:9200.

SLS_ENDPOINT

The data access endpoint. Format: https://${project}.${sls-endpoint}/es/. In this format, ${project} is the project name and ${sls-endpoint} is the endpoint of the Simple Log Service project. For details, see Endpoints. Example: https://etl-guangzhou.cn-guangzhou.log.aliyuncs.com/es/.

Important

You must use the HTTPS protocol.

SLS_PROJECT

The name of the Simple Log Service project. For details, see Manage projects.

SLS_ACCESS_KEY_ID

The AccessKey ID for your Alibaba Cloud account or a RAM user.

We recommend using an AccessKey pair from a RAM user. The RAM user must have the permissions to query data from the Logstore. You can use the permission assistant to configure permissions. For details, see Configure the permission assistant. For information about obtaining an AccessKey pair, see AccessKey pair.

SLS_ACCESS_KEY_SECRET

The AccessKey secret for your Alibaba Cloud account or a RAM user.

We recommend using an AccessKey pair from a RAM user. The RAM user must have the permissions to query data from the Logstore. You can use the permission assistant to configure permissions. For details, see Configure the permission assistant. For information about obtaining an AccessKey pair, see AccessKey pair.

After the deployment is complete, run the following command to verify that the proxy is running. If you use a public IP address, you must add a security group rule to the server to allow inbound traffic on port 9201. For details, see Add a security group rule.

curl http://${IP address of the server where the proxy is deployed}:9201

A response containing security_exception indicates that the proxy is deployed successfully.

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

Step 3: Deploy Kibana

This example deploys Kibana version 7.17.26.

sudo docker pull  sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kibana:7.17.26

sudo docker run -d --name kibana \
            -e ELASTICSEARCH_HOSTS=http://${IP address of the server where the proxy is deployed}:9201 \
            -e ELASTICSEARCH_USERNAME=elastic \
            -e ELASTICSEARCH_PASSWORD=passwd \
            -e XPACK_MONITORING_UI_CONTAINER_ELASTICSEARCH_ENABLED=true \
            -p 5601:5601 \
            sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kibana:7.17.26

Parameter

Description

ELASTICSEARCH_HOSTS

The endpoint of the proxy. Format: http://${IP address of the server where the proxy is deployed}:9201.

ELASTICSEARCH_USERNAME

The username to log in to Kibana.

This must be the same as the ELASTIC_USERNAME you configured when you deployed Elasticsearch.

ELASTICSEARCH_PASSWORD

The password to log in to Kibana.

This must be the same as the ELASTIC_PASSWORD you configured when you deployed Elasticsearch.

After the deployment is complete, enter http://${IP address of the server where Kibana is deployed}:5601 in your browser to access the Kibana login page. Log in with the username and password that you configured for Elasticsearch in Step 1.

Important

You must add port 5601 to the server's security group rules. For more information, see Add a security group rule.

http://${IP address of the server where Kibana is deployed}:5601

image

Step 2: Access Kibana

Query and analyze data

  1. In the left-side navigation pane, choose Analytics > Discover.

    Important

    The Elasticsearch-compatible API for Simple Log Service supports only the Discover and Dashboard modules in Kibana.

    image

  2. In the upper-left corner of the page, select the target index. In the upper-right corner, select a time range.

    image.png

Create index pattern (optional)

Important

By default, an index pattern is created automatically for Docker Compose or Helm deployments. If you perform a manual deployment with Docker, you must create an index pattern.

  1. In the left-side navigation pane, choose Management > Stack Management.image..png

  2. In the left-side navigation pane, choose Kibana > Index Patterns.

  3. On your first use, click create an index pattern against hidden or system indices in the prompt.image.png

    Note

    It is normal if you do not see any data in the index pattern list because you must manually create index patterns in Kibana for the Logstores in Simple Log Service.

  4. In the Create index pattern window, configure the parameters.

    image.png

    Parameter

    Description

    Name

    The index pattern name. The format is ${Simple Log Service project name}.${Logstore name}.

    Important

    You must enter the complete index pattern name because only exact matches are supported.

    For example, if the project name is etl-guangzhou and the Logstore name is es_test22, the index pattern name is etl-guangzhou.es_test22.

    Timestamp field

    Select @timestamp.

  5. Click Create index pattern.

Query string examples

  • For optimal performance, specify a field in your query.

    content: "Hello World"

    Queries without a specified field are less efficient because the system may need to concatenate multiple SQL fields to find a match.

    "Hello World"
  • Using an exact match is more efficient than using a * wildcard query.

    content: "Hello World"

    Avoid using the * wildcard in queries because it triggers a full scan, which increases response time for large data volumes.

    content: "Hello*"

FAQ

Cannot access Kibana with Docker Compose

  1. In the sls-kibana directory, run the docker compose ps command. Check the STATUS column to ensure all containers have a STATUS of UP.

    image.png

  2. If all three containers have a STATUS of UP, check the error logs for each container.

    docker logs sls-kibana_es_1 # View the startup logs of Elasticsearch.
    docker logs sls-kibana_kproxy_1 # View the startup logs of KProxy.
    docker logs sls-kibana_kibana_1 # View the startup logs of Kibana.

Cannot access Kibana with Helm

  1. Log on to the ACK console and choose Clusters from the left-side navigation pane.

  2. On the Clusters page, click the name of the target cluster, and then in the left-side navigation pane, choose Workloads > > > Stateful.

  3. Select sls-kibana as the namespace at the top of the page. Verify that Elasticsearch, Kibana, and KProxy have started correctly. For more information about how to view and edit the status of a stateful workload or redeploy applications in batches, see Create a StatefulSet.

Uninstall Helm

helm uninstall sls-kibana --namespace sls-kibana

Display high-precision timestamps in Kibana

  1. Ensure that high-precision timestamps are used for data collection or reporting in Simple Log Service. Configure a nanosecond-precision timestamp to enable nanosecond-level precision.

  2. After ensuring that high-precision time is collected, add an index for the __time_ns_part__ nanosecond field, which is of type long. Because some Kibana queries are converted to SQL, you must also include high-precision time values in the SQL results.

Upgrade a Helm chart

To upgrade a Helm chart, replace the install command with upgrade and reuse the values.yaml file from the installation.

helm upgrade sls-kibana https://sls-kproxy.oss-cn-hangzhou.aliyuncs.com/sls-kibana-1.5.5.tgz -f values.yaml --namespace sls-kibana

Delete index patterns in bulk

  1. List the index patterns that you want to delete.

    Prepare the kibana_config.json file:

    {
        "url" : "http://xxx:5601",
        "user" : "elastic",
        "password" : "",
        "space" :  "default"
    }

    Use ptn_list.py to list the existing index patterns and save the output to the /tmp/ptnlist.txt file.

    ➜  python ptn_list.py kibana_config.json > /tmp/ptnlist.txt

    Edit the /tmp/ptnlist.txt file to keep only the index patterns you want to delete.

    54c0d6c0-****-****-****-15adf26175c7	etl-dev.batch_test52
    54266b80-****-****-****-15adf26175c7	etl-dev.batch_test51
    52f369c0-****-****-****-15adf26175c7	etl-dev.batch_test49
    538ceaa0-****-****-****-15adf26175c7	etl-dev.batch_test50
  2. Use ptn_delete.py to delete the index patterns.

    Note

    Deleting an index pattern renders its associated dashboards and other objects unusable. Ensure that the index patterns you are deleting are no longer needed.

    # Check the /tmp/ptnlist.txt file to confirm the index patterns to be deleted.
    ➜  cat /tmp/ptnlist.txt
    
    # Run the delete command.
    ➜  python ptn_delete.py kibana_config.json /tmp/ptnlist.txt