commit 828bfa1adc6d381ca0f9d0277ae5499df9186d5e Author: colben Date: Sun Aug 29 00:02:22 2021 +0800 first commit
diff --git a/README.en.md b/README.en.md
new file mode 100644
index 0000000..bc00b7b
--- /dev/null
+++ b/README.en.md
@@ -0,0 +1,5 @@
+# myfilebeat
+
+#### Description
+filebeat common config
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..51cac9b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# myfilebeat
+
+#### 介绍
+filebeat 常用配置
+
diff --git a/filebeat.service b/filebeat.service
new file mode 100644
index 0000000..6abeef6
--- /dev/null
+++ b/filebeat.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Elastic FileBeat
+After=network.target
+
+[Service]
+ExecStart=/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/filebeat.yml b/filebeat.yml
new file mode 100644
index 0000000..ff47cf0
--- /dev/null
+++ b/filebeat.yml
@@ -0,0 +1,21 @@
+#================================ Processors ==================================
+processors:
+- drop_fields:
+ fields: ["beat.name", "beat.version", "offset"]
+
+#========================== Elasticsearch output ==============================
+output.elasticsearch:
+ enabled: true
+ hosts: []
+
+#============================= Filebeat config ================================
+filebeat.config:
+ prospectors:
+ enabled: true
+ path: prospectors.d/*.yml
+ reload.enabled: true
+ reload.period: 10s
+
+#============================= Xpack Monitoring ===============================
+xpack.monitoring.enabled: true
+
diff --git a/kibana/dashboard/abnormal.json b/kibana/dashboard/abnormal.json
new file mode 100644
index 0000000..ad94687
--- /dev/null
+++ b/kibana/dashboard/abnormal.json
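Review bot: The `[Service]` section of filebeat.service sets only `ExecStart=`, so with no `User=` the shipper runs as root under systemd's defaults, with no restart policy and no sandboxing. A log shipper that exits quietly leaves a gap in the collected logs, so I would add `Restart=on-failure`, and since Filebeat has no need to gain privileges after start, `NoNewPrivileges=true`. If root is kept only so the process can read protected log files, a dedicated account with group read access to those files would be the narrower choice; the hunk does not show which files are harvested, so check that against the prospectors.d configs before changing the user.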
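Review bot: The `output.elasticsearch` block in filebeat.yml carries only `enabled: true` and `hosts: []`, with no `protocol`, credentials or `ssl` settings, so once hosts are filled in, events are sent over plain HTTP without authentication unless every host entry is written as an https URL. I would add `protocol: "https"` and `ssl.certificate_authorities: ["<path to CA certificate>"]` under the output, with `username`/`password` supplied from outside the repository rather than committed here. Separately, `reload.enabled: true` picks up any file matching `prospectors.d/*.yml` within `reload.period: 10s`, so a comment next to `path:` stating that the directory must be writable only by the account that administers Filebeat would be worth adding.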
@@ -0,0 +1,18 @@ +[ + { + "_id": "59d930f0-834c-11e9-ad88-85624cce68b5", + "_type": "dashboard", + "_source": { + "title": "服务器异常汇总", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":5,\"h\":3,\"i\":\"1\"},\"id\":\"4fb3a570-834b-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":6,\"y\":0,\"w\":6,\"h\":3,\"i\":\"2\"},\"id\":\"9f5a1e60-834b-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":3,\"w\":3,\"h\":3,\"i\":\"3\"},\"id\":\"e8e33120-834b-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":6,\"y\":3,\"w\":6,\"h\":3,\"i\":\"4\"},\"id\":\"8d21a870-8301-11e9-ad88-85624cce68b5\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"5\"},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":3,\"y\":3,\"w\":3,\"h\":3,\"i\":\"6\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"d65da6a0-85b4-11e9-9656-5f1225242944\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":6,\"y\":6,\"w\":6,\"h\":3,\"i\":\"7\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"a15e2260-8846-11e9-9656-5f1225242944\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":0,\"y\":6,\"w\":6,\"h\":3,\"i\":\"8\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"93d4c0a0-adcf-11e9-82d1-df99ba321bd2\"}]", + "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"search100\",\"params\":{\"query\":\"search100\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"search100\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}" + } + } + } +] \ No newline at end of file diff --git a/kibana/dashboard/access.json b/kibana/dashboard/access.json new file mode 100644 index 0000000..9fd89a7 --- /dev/null +++ b/kibana/dashboard/access.json 
@@ -0,0 +1,18 @@ +[ + { + "_id": "9beb0d70-0ca9-11e9-98f8-c53bf18cb006", + "_type": "dashboard", + "_source": { + "title": "系统访问统计", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":11,\"h\":3,\"i\":\"1\"},\"id\":\"d1906110-0ca8-11e9-98f8-c53bf18cb006\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":3,\"w\":5,\"h\":3,\"i\":\"2\"},\"id\":\"d998eae0-0ca7-11e9-98f8-c53bf18cb006\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":5,\"y\":3,\"w\":2,\"h\":6,\"i\":\"5\"},\"id\":\"fc53d820-1106-11e9-8819-7f8b8589cf6c\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":6,\"w\":5,\"h\":3,\"i\":\"6\"},\"id\":\"62d35850-1940-11e9-85e4-c396c5d0cddf\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":0,\"y\":9,\"w\":6,\"h\":6,\"i\":\"7\"},\"id\":\"87286d00-68df-11e9-82d1-df99ba321bd2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":0,\"y\":15,\"w\":6,\"h\":6,\"i\":\"8\"},\"id\":\"b9a0ce30-68df-11e9-82d1-df99ba321bd2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":6,\"y\":9,\"w\":6,\"h\":6,\"i\":\"9\"},\"id\":\"4138be30-acfa-11e9-82d1-df99ba321bd2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"10\"},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":7,\"y\":3,\"w\":5,\"h\":3,\"i\":\"11\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"67b569c0-acf8-11e9-82d1-df99ba321bd2\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":7,\"y\":6,\"w\":5,\"h\":3,\"i\":\"12\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"bd07e970-acf8-11e9-82d1-df99ba321bd2\"}]", + 
"optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" + } + } + } +] \ No newline at end of file diff --git a/kibana/dashboard/kafka.json b/kibana/dashboard/kafka.json new file mode 100644 index 0000000..5f66151 --- /dev/null +++ b/kibana/dashboard/kafka.json 
@@ -0,0 +1,18 @@ +[ + { + "_id": "3a948e00-8438-11e9-9656-5f1225242944", + "_type": "dashboard", + "_source": { + "title": "Kafka", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":4,\"i\":\"1\",\"w\":12,\"x\":0,\"y\":3},\"id\":\"d5f67f80-8437-11e9-9656-5f1225242944\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":3,\"i\":\"2\",\"w\":11,\"x\":1,\"y\":0},\"id\":\"8a6fd9f0-8435-11e9-9656-5f1225242944\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"gridData\":{\"h\":3,\"i\":\"3\",\"w\":1,\"x\":0,\"y\":0},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.2.4\"}]", + "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.kafka.topic\",\"value\":\"wangmei_raw\",\"params\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.kafka.topic\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}" + } + } + } +] \ No newline at end of file diff --git a/kibana/dashboard/port.json b/kibana/dashboard/port.json new file mode 100644 index 0000000..d0cc740 --- /dev/null +++ b/kibana/dashboard/port.json 
@@ -0,0 +1,18 @@ +[ + { + "_id": "e9a89150-7dd7-11e9-ad88-85624cce68b5", + "_type": "dashboard", + "_source": { + "title": "查看指定端口的连接量", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":11,\"h\":9,\"i\":\"1\"},\"title\":\"端口连接分布\",\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"04b89ff0-7d68-11e9-ad88-85624cce68b5\",\"embeddableConfig\":{\"spy\":null}},{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"2\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\"}]", + "optionsJSON": "{\"darkTheme\":false,\"useMargins\":true,\"hidePanelTitles\":false}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.conn.port\",\"value\":\"3306\",\"params\":{\"query\":\"3306\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.conn.port\":{\"query\":\"3306\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}" + } + } + } +] \ No newline at end of file diff --git a/kibana/dashboard/server-detail.json b/kibana/dashboard/server-detail.json new file mode 100644 index 0000000..d98972a --- /dev/null +++ b/kibana/dashboard/server-detail.json 
@@ -0,0 +1,18 @@ +[ + { + "_id": "5dd7aac0-7e96-11e9-ad88-85624cce68b5", + "_type": "dashboard", + "_source": { + "title": "服务器详情", + "hits": 0, + "description": "", + "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":1,\"y\":0,\"w\":3,\"h\":3,\"i\":\"1\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 60\":\"rgb(165,0,38)\",\"60 - 80\":\"rgb(255,255,190)\",\"80 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"id\":\"b8fc7020-7e91-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":4,\"y\":0,\"w\":3,\"h\":3,\"i\":\"2\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 60\":\"rgb(0,104,55)\",\"60 - 80\":\"rgb(255,255,190)\",\"80 - 100\":\"rgb(165,0,38)\"},\"legendOpen\":false}},\"id\":\"ff9344f0-7e91-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":7,\"y\":0,\"w\":5,\"h\":3,\"i\":\"3\"},\"embeddableConfig\":{\"spy\":null,\"vis\":{\"legendOpen\":false}},\"id\":\"11d2fb90-7e94-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":7,\"w\":4,\"h\":3,\"i\":\"4\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"8f73d660-7e8e-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":4,\"y\":7,\"w\":4,\"h\":3,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"f84666d0-7e8e-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":8,\"y\":7,\"w\":4,\"h\":3,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"88d34100-7e8f-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":4,\"y\":16,\"w\":4,\"h\":2,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"0ed18e70-7f70-11e9-ad88-85624cce68
b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":13,\"w\":12,\"h\":3,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"6ea347d0-7f70-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":8,\"y\":16,\"w\":4,\"h\":2,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"a76d3e90-7f70-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":0,\"y\":16,\"w\":4,\"h\":2,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"d83e5860-7f70-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":3,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"id\":\"174ad510-7f67-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":0,\"y\":3,\"w\":6,\"h\":2,\"i\":\"14\"},\"id\":\"09975710-8046-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":5,\"w\":6,\"h\":2,\"i\":\"15\"},\"id\":\"c9413d00-8047-11e9-ad88-85624cce68b5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":6,\"y\":3,\"w\":6,\"h\":4,\"i\":\"16\"},\"version\":\"6.2.4\",\"type\":\"search\",\"id\":\"8d21a870-8301-11e9-ad88-85624cce68b5\"},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":0,\"w\":1,\"h\":3,\"i\":\"17\"},\"version\":\"6.2.4\",\"type\":\"visualization\",\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\"}]", + "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"redis103\",\"params\":{\"query\":\"redis103\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"redis103\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}" + } + } + } +] \ No newline at end of file diff --git a/kibana/dashboard/server-general.json b/kibana/dashboard/server-general.json new file mode 100644 index 0000000..4230e45 --- /dev/null +++ b/kibana/dashboard/server-general.json 
@@ -0,0 +1,18 @@ +[ + { + "_id": "2a121b70-808b-11e9-ad88-85624cce68b5", + "_type": "dashboard", + "_source": { + "title": "服务器概览", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"1\",\"w\":5,\"x\":1,\"y\":0},\"id\":\"2b5e0b20-8085-11e9-ad88-85624cce68b5\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"2\",\"w\":6,\"x\":6,\"y\":0},\"id\":\"84681490-8085-11e9-ad88-85624cce68b5\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"3\",\"w\":12,\"x\":0,\"y\":3},\"id\":\"ad133180-8086-11e9-ad88-85624cce68b5\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":9},\"id\":\"4385b8b0-808a-11e9-ad88-85624cce68b5\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":6},\"id\":\"7c7f4af0-808a-11e9-ad88-85624cce68b5\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"6\",\"w\":12,\"x\":0,\"y\":15},\"id\":\"99d6f5a0-8088-11e9-ad88-85624cce68b5\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":3,\"i\":\"7\",\"w\":12,\"x\":0,\"y\":12},\"id\":\"923f7d20-8089-11e9-ad88-85624cce68b5\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"gridData\":{\"h\":3,\"i\":\"8\",\"w\":1,\"x\":0,\"y\":0},\"id\":\"17980860-8351-11e9-ad88-85624cce68b5\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.2.4\"}
]", + "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"beat.hostname\",\"value\":\"emotion110, region109, yq108\",\"params\":[\"emotion110\",\"region109\",\"yq108\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"beat.hostname\":\"emotion110\"}},{\"match_phrase\":{\"beat.hostname\":\"region109\"}},{\"match_phrase\":{\"beat.hostname\":\"yq108\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"beat.hostname\",\"value\":\"node105, node104, node102\",\"params\":[\"node105\",\"node104\",\"node102\"],\"negate\":false,\"disabled\":true,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"beat.hostname\":\"node105\"}},{\"match_phrase\":{\"beat.hostname\":\"node104\"}},{\"match_phrase\":{\"beat.hostname\":\"node102\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true}" + } + } + } +] \ No newline at end of file diff --git a/kibana/search/java.json b/kibana/search/java.json new file mode 100644 index 0000000..3be8da0 --- /dev/null +++ b/kibana/search/java.json 
@@ -0,0 +1,27 @@ +[ + { + "_id": "a15e2260-8846-11e9-9656-5f1225242944", + "_type": "search", + "_source": { + "title": "JAVA 报错", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "java.process", + "java.class", + "java.function", + "java.line_num", + "java.log.content" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"java.log.level\",\"value\":\"ERROR\",\"params\":{\"query\":\"ERROR\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"java.log.level\":{\"query\":\"ERROR\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + } +] diff --git a/kibana/search/kafka.json b/kibana/search/kafka.json new file mode 100644 index 0000000..76ed05c --- /dev/null +++ b/kibana/search/kafka.json 
@@ -0,0 +1,28 @@ +[ + { + "_id": "d4c0e280-8433-11e9-9656-5f1225242944", + "_type": "search", + "_source": { + "title": "Kafka Offset", + "description": "", + "hits": 0, + "columns": [ + "monitor.kafka.client_host", + "monitor.kafka.consumer_group", + "monitor.kafka.topic", + "monitor.kafka.current_offset", + "monitor.kafka.end_offset", + "monitor.kafka.lag", + "monitor.kafka.partition" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"kafka106\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"kafka106\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"kafka106\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.kafka.topic\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.topic\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.consumer_group\",\"negate\":false,\"params\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"yuqing_v1.12\"},\"query\":{\"match\":{\"monitor.kafka.consumer_group\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"}}}}]}" + } + } + } +] \ No newline at end of file diff --git a/kibana/search/mysql.json b/kibana/search/mysql.json new file mode 100644 index 0000000..ab983fc --- /dev/null +++ b/kibana/search/mysql.json 
@@ -0,0 +1,48 @@ +[ + { + "_id": "2b1b1100-09dc-11e9-b283-47528513fd78", + "_type": "search", + "_source": { + "title": "Mysql 异常", + "description": "", + "hits": 0, + "columns": [ + "message" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/mysqld/error.log\",\"params\":{\"query\":\"/var/log/mysqld/error.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/mysqld/error.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "4791e6b0-09dc-11e9-b283-47528513fd78", + "_type": "search", + "_source": { + "title": "Mysql 慢查询", + "description": "", + "hits": 0, + "columns": [ + "mysql.slowlog.user", + "mysql.slowlog.ip", + "mysql.slowlog.query_time.sec", + "mysql.slowlog.lock_time.sec", + "mysql.slowlog.rows_examined", + "mysql.slowlog.rows_sent", + "mysql.slowlog.query" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/mysqld/slow.log\",\"params\":{\"query\":\"/var/log/mysqld/slow.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/mysqld/slow.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + } +] \ No newline at end of file 
diff --git a/kibana/search/nginx.json b/kibana/search/nginx.json
new file mode 100644
index 0000000..051f85e
--- /dev/null
+++ b/kibana/search/nginx.json
@@ -0,0 +1,91 @@ +[ + { + "_id": "68594410-09d7-11e9-b283-47528513fd78", + "_type": "search", + "_source": { + "title": "Nginx 报错", + "description": "", + "hits": 0, + "columns": [ + "message" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/error.log\",\"params\":{\"query\":\"/var/log/nginx/error.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/error.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "efd03910-0fec-11e9-8819-7f8b8589cf6c", + "_type": "search", + "_source": { + "title": "Nginx 非法请求", + "description": "", + "hits": 0, + "columns": [ + "nginx.access.remote_ip", + "nginx.access.method", + "nginx.access.url", + "nginx.access.agent" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access-illegal.log, /var/log/nginx/www.goldeneye.cn/access-illegal.log\",\"params\":[\"/var/log/nginx/qyjs360.com/access-illegal.log\",\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source\":\"/var/log/nginx/qyjs360.com/access-illegal.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "3e9b9ec0-acf2-11e9-82d1-df99ba321bd2", + "_type": "search", + "_source": { + "title": "與情 Nginx 正常访问", + "description": "", + "hits": 0, + "columns": [ + "nginx.access.remote_ip", + "nginx.access.os", + "nginx.access.url", + "nginx.access.agent" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"params\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "476794a0-09d7-11e9-b283-47528513fd78", + "_type": "search", + "_source": { + "title": "企业军师 Nginx 正常访问", + "description": "", + "hits": 0, + "columns": [ + "nginx.access.remote_ip", + "nginx.access.os", + "nginx.access.url", + "nginx.access.agent" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access.log\",\"params\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + } +] \ No newline at end of file diff --git a/kibana/search/os.json b/kibana/search/os.json new file mode 100644 index 0000000..b5df973 --- /dev/null +++ b/kibana/search/os.json 
@@ -0,0 +1,325 @@ +[ + { + "_id": "65129a00-09d6-11e9-b283-47528513fd78", + "_type": "search", + "_source": { + "title": "操作系统登陆日志", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "login.rhost", + "login.method", + "login.user", + "login.result" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":true,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"login.rhost\",\"value\":\"172.17.251.5\",\"params\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"login.rhost\":{\"query\":\"172.17.251.5\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "4fb3a570-834b-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "CPU 使用超过 80%", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.cpu.user", + "monitor.cpu.system", + "monitor.cpu.wait", + "monitor.cpu.idle" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.cpu.idle\",\"value\":\"0 to 20\",\"params\":{\"gte\":0,\"lt\":20}},\"range\":{\"monitor.cpu.idle\":{\"gte\":0,\"lt\":20}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "7ccc0500-7e11-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "CPU 查询", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.cpu.user", + "monitor.cpu.system", + "monitor.cpu.idle", + "monitor.cpu.wait" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/cpu-*.log\"},\"filter\":[]}" + } + } + }, + { + "_id": "69059000-7f0f-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "IO 查询", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.io.dev", + "monitor.io.tps", + "monitor.io.rd", + "monitor.io.wr", + "monitor.io.wait", + "monitor.io.util" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/io-*.log\"},\"filter\":[]}" + } + } + }, + { + "_id": "92c209e0-7e34-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "Disk 查询", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.disk.partition", + "monitor.disk.used" + ], + "sort": [ + "@timestamp", + "desc" + ], + 
"version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}" + } + } + }, + { + "_id": "33688dc0-7e34-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "MEM 查询", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.mem.used" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/mem-*.log\"},\"filter\":[]}" + } + } + }, + { + "_id": "9f5a1e60-834b-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "MEM 使用超过 80%", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.mem.used", + "monitor.mem.buffers", + "monitor.mem.cache", + "monitor.mem.free" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.mem.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.mem.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "e8e33120-834b-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "分区使用超过 80%", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.disk.partition", + "monitor.disk.used" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"range\",\"key\":\"monitor.disk.used\",\"value\":\"80 to 100\",\"params\":{\"gte\":80,\"lt\":100}},\"range\":{\"monitor.disk.used\":{\"gte\":80,\"lt\":100}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "2f67e7d0-7f0a-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "磁盘空间查询", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.disk.partition", + "monitor.disk.used" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/disk-*.log\"},\"filter\":[]}" + } + } + }, + { + "_id": "37644d50-7d40-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "端口连接量查询", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.conn.server", + "monitor.conn.port", + "monitor.conn.count" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/conn-*.log\"},\"filter\":[]}" + } + } + }, + { + "_id": "94288030-7f0f-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "网卡流量查询", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.net.dev", + "monitor.net.rx", + "monitor.net.tx" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"source: \\\\/var\\\\/log\\\\/monitor\\\\/net-*.log\"},\"filter\":[]}" + } + } + }, + { + "_id": "d65da6a0-85b4-11e9-9656-5f1225242944", + "_type": "search", + "_source": { + "title": "网络不通", + "description": "", + "hits": 0, + "columns": [ + "monitor.ping.server", + "monitor.ping.state" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.state_code\",\"negate\":true,\"params\":{\"query\":1,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":1},\"query\":{\"match\":{\"monitor.ping.state_code\":{\"query\":1,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.ping.server\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.ping.server\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + }, + { + "_id": "8d21a870-8301-11e9-ad88-85624cce68b5", + "_type": "search", + "_source": { + "title": "非正常的 service 和 daemon", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "monitor.proc.proc", + "monitor.proc.type", + "monitor.proc.state" + 
], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"exists\":{\"field\":\"monitor.proc.proc\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.proc\",\"negate\":false,\"type\":\"exists\",\"value\":\"exists\"}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.proc.state_code\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\"},\"query\":{\"match\":{\"monitor.proc.state_code\":{\"query\":0,\"type\":\"phrase\"}}}}]}" + } + } + }, + { + "_id": "93d4c0a0-adcf-11e9-82d1-df99ba321bd2", + "_type": "search", + "_source": { + "title": "操作系统异常登陆", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "login.rhost", + "login.method", + "login.user", + "login.result" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"source\",\"negate\":false,\"params\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"/var/log/secure\"},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/secure\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"login.rhost\",\"value\":\"172.17.102.100, 
162.105.88.41\",\"params\":[\"172.17.102.100\",\"162.105.88.41\"],\"negate\":true,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"login.rhost\":\"172.17.102.100\"}},{\"match_phrase\":{\"login.rhost\":\"162.105.88.41\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + } +] diff --git a/kibana/search/shell.json b/kibana/search/shell.json new file mode 100644 index 0000000..6483b22 --- /dev/null +++ b/kibana/search/shell.json @@ -0,0 +1,23 @@ +[ + { + "_id": "1712ed30-14a0-11e9-85e4-c396c5d0cddf", + "_type": "search", + "_source": { + "title": "代理 Tunnel 日志", + "description": "", + "hits": 0, + "columns": [ + "beat.hostname", + "shell.log.content" + ], + "sort": [ + "@timestamp", + "desc" + ], + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"source: \\\\/qyjs\\\\/logs\\\\/tunnel\\\\/*.log\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"beat.hostname\",\"value\":\"spider101, spider107\",\"params\":[\"spider101\",\"spider107\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"beat.hostname\":\"spider101\"}},{\"match_phrase\":{\"beat.hostname\":\"spider107\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}" + } + } + } +] \ No newline at end of file diff --git a/kibana/visualization/kafka.json b/kibana/visualization/kafka.json new file mode 100644 index 0000000..5a368a5 --- /dev/null +++ b/kibana/visualization/kafka.json 
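Review bot: The saved search `操作系统异常登陆` (_id 93d4c0a0-adcf-11e9-82d1-df99ba321bd2) treats a login as abnormal only when it is a `/var/log/secure` event whose `login.rhost` is not 172.17.102.100 or 162.105.88.41, so every login from those two addresses, failed or successful, is hidden from the view; 162.105.88.41 is not an RFC 1918 address. The first search in this file, `操作系统登陆日志`, negates 172.17.251.5 in the same way. Both objects leave `"description": ""`, so nothing records why the addresses are excluded or who maintains the list; I would fill it in, e.g. `"description": "Excludes login.rhost 172.17.102.100 and 162.105.88.41 (presumed trusted hosts - confirm owner and review date)"`, and consider adding a `login.result` filter so failed attempts from those hosts stay visible instead of being dropped outright. The match on `/var/log/secure` alone also means hosts that write authentication logs elsewhere would not show up here; that is inferred from the filter, since the Filebeat prospector files are outside this hunk.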
@@ -0,0 +1,30 @@ +[ + { + "_id": "d5f67f80-8437-11e9-9656-5f1225242944", + "_type": "visualization", + "_source": { + "title": "Kafka 概览", + "visState": "{\"title\":\"Kafka 概览\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"offset\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"生产者位移\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"data\":{\"id\":\"2\",\"label\":\"消费者位移\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.kafka.end_offset\",\"customLabel\":\"生产者位移\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.kafka.current_offset\",\"customLabel\":\"消费者位移\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\
",\"schema\":\"group\",\"params\":{\"field\":\"monitor.kafka.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"分区\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.kafka.consumer_group\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"消费组\",\"row\":true}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.kafka.topic\",\"value\":\"wangmei_raw\",\"params\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.kafka.topic\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "8a6fd9f0-8435-11e9-9656-5f1225242944", + "_type": "visualization", + "_source": { + "title": "Kafka 消费者滞后情况", + "visState": "{\"title\":\"Kafka 
消费者滞后情况\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-2\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"offset\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"offset\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"lineWidth\":4,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.kafka.lag\",\"customLabel\":\"offset\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.kafka.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"分区\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.kafka.consumer_group\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"_t
erm\",\"customLabel\":\"消费组\",\"row\":true}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.consumer_group\",\"negate\":false,\"params\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"yuqing_v1.12\"},\"query\":{\"match\":{\"monitor.kafka.consumer_group\":{\"query\":\"yuqing_v1.12\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"monitor.kafka.topic\",\"negate\":false,\"params\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"wangmei_raw\"},\"query\":{\"match\":{\"monitor.kafka.topic\":{\"query\":\"wangmei_raw\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + } +] \ No newline at end of file diff --git a/kibana/visualization/menu.json b/kibana/visualization/menu.json new file mode 100644 index 0000000..31f1fe4 --- /dev/null +++ b/kibana/visualization/menu.json 
@@ -0,0 +1,16 @@ +[ + { + "_id": "17980860-8351-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "导航", + "visState": "{\"title\":\"导航\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"[访问统计](#/dashboard/9beb0d70-0ca9-11e9-98f8-c53bf18cb006)\\n\\n[异常汇总](#/dashboard/59d930f0-834c-11e9-ad88-85624cce68b5)\\n\\n[概览](#/dashboard/2a121b70-808b-11e9-ad88-85624cce68b5)\\n\\n[详情](#/dashboard/5dd7aac0-7e96-11e9-ad88-85624cce68b5)\\n\\n[端口连接](#/dashboard/e9a89150-7dd7-11e9-ad88-85624cce68b5)\\n\\n[Kafka](#/dashboard/3a948e00-8438-11e9-9656-5f1225242944)\"},\"aggs\":[]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } + } + } +] \ No newline at end of file diff --git a/kibana/visualization/nginx-geoip.json b/kibana/visualization/nginx-geoip.json new file mode 100644 index 0000000..bb32b1f --- /dev/null +++ b/kibana/visualization/nginx-geoip.json @@ -0,0 +1,47 @@ +[ + { + "_id": "87286d00-68df-11e9-82d1-df99ba321bd2", + "_type": "visualization", + "_source": { + "title": "企业军师访问分布", + "visState": "{\"title\":\"企业军师访问分布\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{\"_c\":[],\"_s\":1,\"_d\":true,\"_v\":true,\"_h\":0,\"_n\":false},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2}}]}", + "uiStateJSON": "{}", + "description": "", + "savedSearchId": "476794a0-09d7-11e9-b283-47528513fd78", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "4138be30-acfa-11e9-82d1-df99ba321bd2", + "_type": "visualization", + "_source": { + "title": "與情访问分布", + "visState": "{\"title\":\"與情访问分布\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{\"_c\":[],\"_s\":1,\"_d\":true,\"_v\":true,\"_h\":0,\"_n\":false},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors|OpenMapTiles|MapTiler|Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors|OpenMapTiles|MapTiler|Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2}}]}", + "uiStateJSON": "{}", + "description": "", + "savedSearchId": "3e9b9ec0-acf2-11e9-82d1-df99ba321bd2", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "b9a0ce30-68df-11e9-82d1-df99ba321bd2", + "_type": "visualization", + "_source": { + "title": "非法访问", + "visState": "{\"title\":\"非法访问\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{\"_c\":[],\"_s\":1,\"_d\":true,\"_v\":true,\"_h\":0,\"_n\":false},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4&license=1e6f68d4-d175-4939-b59b-f610a5777315\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"

© OpenStreetMap contributors | OpenMapTiles | MapTiler | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2}}]}", + "uiStateJSON": "{}", + "description": "", + "savedSearchId": "efd03910-0fec-11e9-8819-7f8b8589cf6c", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + } +] \ No newline at end of file diff --git a/kibana/visualization/nginx.json b/kibana/visualization/nginx.json new file mode 100644 index 0000000..3cb961e --- /dev/null +++ b/kibana/visualization/nginx.json 
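Review bot: All three visualizations in this file embed the resolved Elastic Maps Service layer inside `visState` (`wms.tmsLayers` and `wms.selectedTmsLayer`), including a tile URL that carries `license=1e6f68d4-d175-4939-b59b-f610a5777315` and `my_app_version=6.2.4`. That looks like runtime state captured at export time rather than configuration, and it commits a deployment-specific licence identifier to the repository and pins the tile URL to one Kibana version. I would trim the block before committing to `\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}` and confirm on a test import that Kibana repopulates the layer from its own map settings. The second and third objects also set `savedSearchId` to 3e9b9ec0-acf2-11e9-82d1-df99ba321bd2 and efd03910-0fec-11e9-8819-7f8b8589cf6c, which are not defined in the files visible here, so it is worth checking that those saved searches are exported and imported first.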
@@ -0,0 +1,86 @@ +[ + { + "_id": "d1906110-0ca8-11e9-98f8-c53bf18cb006", + "_type": "visualization", + "_source": { + "title": "nginx 访问量", + "visState": "{\"title\":\"nginx 访问量\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":true,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"访问量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"area\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"访问量\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"访问量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log, /var/log/nginx/qyjs360.com/access.log, /var/log/nginx/access-kibana.log, /var/log/nginx/access-schedule.log\",\"params\":[\"/var/log/nginx/www.goldeneye.cn/access.log\",\"/var/log/nginx/qyjs360.com/access.log\",\"/var/log/nginx/access-kibana.log\",\"/var/log/nginx/access-schedule.log\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source\":\"/var/log/nginx/www.goldeneye.cn/access.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/qyjs360.com/access.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/access-kibana.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/access-schedule.log\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "d998eae0-0ca7-11e9-98f8-c53bf18cb006", + "_type": "visualization", + "_source": { + "title": "企业军师客户端 IP", + "visState": "{\"title\":\"企业军师客户端 
IP\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":false,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access.log\",\"params\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "62d35850-1940-11e9-85e4-c396c5d0cddf", + "_type": "visualization", + "_source": { + "title": "企业军师客户端 OS", + "visState": "{\"title\":\"企业军师客户端 
OS\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.os\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access.log\",\"params\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/qyjs360.com/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "67b569c0-acf8-11e9-82d1-df99ba321bd2", + "_type": "visualization", + "_source": { + "title": "與情客户端 IP", + "visState": "{\"title\":\"與情客户端 
IP\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":false,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"nginx\",\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"params\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "bd07e970-acf8-11e9-82d1-df99ba321bd2", + "_type": "visualization", + "_source": { + "title": "與情客户端 OS", + "visState": "{\"title\":\"與情客户端 
OS\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.os\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"source\",\"value\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"params\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"source\":{\"query\":\"/var/log/nginx/www.goldeneye.cn/access.log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "fc53d820-1106-11e9-8819-7f8b8589cf6c", + "_type": "visualization", + "_source": { + "title": "非法访问排名", + "visState": 
"{\"title\":\"非法访问排名\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":true,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"源地址\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"nginx\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"nginx\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"nginx\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"type\":\"phrases\",\"key\":\"source\",\"value\":\"/var/log/nginx/qyjs360.com/access-illegal.log, /var/log/nginx/www.goldeneye.cn/access-illegal.log\",\"params\":[\"/var/log/nginx/qyjs360.com/access-illegal.log\",\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"],\"negate\":false,\"disabled\":false,\"alias\":null},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source\":\"/var/log/nginx/qyjs360.com/access-illegal.log\"}},{\"match_phrase\":{\"source\":\"/var/log/nginx/www.goldeneye.cn/access-illegal.log\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + } +] \ No newline at end of file 
diff --git a/kibana/visualization/os.json b/kibana/visualization/os.json new file mode 100644 index 0000000..0efc60a --- /dev/null +++ b/kibana/visualization/os.json 
@@ -0,0 +1,310 @@ +[ + { + "_id": "04b89ff0-7d68-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "端口连接量", + "visState": "{\"title\":\"端口连接量\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"top\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"连接数量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"连接数量\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.conn.count\",\"customLabel\":\"连接数量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"时间\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"服务器\",\"row\":true}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.conn.port\",\"otherBucket\":false,\"
otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"monitor.conn.port\",\"value\":\"8084\",\"params\":{\"query\":\"8084\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"monitor.conn.port\":{\"query\":\"8084\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "b8fc7020-7e91-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "CPU 空闲%", + "visState": "{\"title\":\"CPU 空闲%\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"verticalSplit\":false,\"extendRange\":true,\"percentageMode\":true,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":20},{\"from\":20,\"to\":40},{\"from\":40,\"to\":100}],\"invertColors\":true,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.idle\",\"customLabel\":\"最小空闲\"}}]}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 20\":\"rgb(165,0,38)\",\"20 - 40\":\"rgb(255,255,190)\",\"40 - 100\":\"rgb(0,104,55)\"}}}", + 
"description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "ff9344f0-7e91-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "MEM 已用%", + "visState": "{\"title\":\"MEM 已用%\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"verticalSplit\":false,\"extendRange\":true,\"percentageMode\":true,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":60},{\"from\":60,\"to\":80},{\"from\":80,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.used\",\"customLabel\":\"最大已用\"}}]}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 60\":\"rgb(0,104,55)\",\"60 - 80\":\"rgb(255,255,190)\",\"80 - 100\":\"rgb(165,0,38)\"}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "71ae7a10-7f72-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘读写", + "visState": "{\"title\":\"磁盘读写\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":null},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"sec/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"最大读\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"data\":{\"id\":\"3\",\"label\":\"最大写\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{
\"field\":\"monitor.io.rd\",\"customLabel\":\"最大读\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"customLabel\":\"最大写\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"redis110\",\"params\":{\"query\":\"redis110\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"redis110\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "174ad510-7f67-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "网卡流量趋势", + "visState": 
"{\"title\":\"网卡流量趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"入口平均流量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"出口平均流量\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"KB/s\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.rx\",\"customLabel\":\"入口平均流量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.tx\",\"customLabel\":\"出口平均流量\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":
10,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\",\"row\":false}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "88d34100-7e8f-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘使用趋势", + "visState": "{\"title\":\"磁盘使用趋势\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":77},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.disk.used\",\"customLabel\":\"%\"
}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.disk.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"分区\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "c9413d00-8047-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "网卡流量", + "visState": "{\"title\":\"网卡流量\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":30,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.rx\",\"customLabel\":\"入口最大流量 
KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.tx\",\"customLabel\":\"出口最大流量KB/s\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":9,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "09975710-8046-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘 IO 流量", + "visState": "{\"title\":\"磁盘 IO 流量\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":30}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"customLabel\":\"写入最大流量 KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.rd\",\"customLabel\":\"读出最大流量 KB/s\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":9,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "6ea347d0-7f70-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘读写趋势", + "visState": "{\"title\":\"磁盘读写趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"平均读\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"4\",\"label\":\"平均写\"},\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"KB/s\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.rd\",\"customLabel\":\"平均读\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"custom
Label\":\"平均写\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\",\"row\":false}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "923f7d20-8089-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "网卡入口最大流量统计", + "visState": 
"{\"title\":\"网卡入口最大流量统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.rx\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "99d6f5a0-8088-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "网卡出口最大流量统计", + "visState": "{\"title\":\"网卡出口最大流量统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"top\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.net.tx\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.net.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"网卡\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\
",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "7c7f4af0-808a-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘最大写 IO 统计", + "visState": "{\"title\":\"磁盘最大写 IO 统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wr\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}},{\"id\
":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "4385b8b0-808a-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘最大读 IO 统计", + "visState": "{\"title\":\"磁盘最大读 IO 统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"top\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"KB/s\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"KB/s\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.rd\",\"customLabel\":\"KB/s\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"
monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"磁盘\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "f84666d0-7e8e-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "MEM 趋势", + "visState": "{\"title\":\"MEM 趋势\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"已用\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"3\",\"label\":\"缓冲\"},\"val
ueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"4\",\"label\":\"缓存\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"5\",\"label\":\"空闲\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":77},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.used\",\"customLabel\":\"已用\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.buffers\",\"customLabel\":\"缓冲\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.cache\",\"customLabel\":\"缓存\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.free\",\"customLabel\":\"空闲\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":true,\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"key\":\"beat.hostname\",\"negate\":false,\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"spider-master\"},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + 
}, + { + "_id": "8f73d660-7e8e-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "CPU 趋势", + "visState": "{\"title\":\"CPU 趋势\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"用户态\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"3\",\"label\":\"内核态\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"4\",\"label\":\"空闲\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"stacked\",\"type\":\"area\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"data\":{\"id\":\"5\",\"label\":\"等待\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"radiusRatio\":77},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.user\",\"customLabel\":\"用户态\"}},{\"id\":\
"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.system\",\"customLabel\":\"内核态\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.idle\",\"customLabel\":\"空闲\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.wait\",\"customLabel\":\"等待\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "d83e5860-7f70-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘消耗 CPU 趋势", + "visState": "{\"title\":\"磁盘消耗 CPU 
趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"%\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"%\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.util\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"磁盘\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "a76d3e90-7f70-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘阻塞趋势", + "visState": "{\"title\":\"磁盘阻塞趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"us\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"us\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.wait\",\"customLabel\":\"us\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"exten
ded_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"磁盘\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "11d2fb90-7e94-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘空间%", + "visState": 
"{\"title\":\"磁盘空间%\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"最大已用\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"最大已用\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.disk.used\",\"customLabel\":\"最大已用\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"monitor.disk.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"分区\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"spider-master\",\"params\":{\"query\":\"spider-master\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"spider-master\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "84681490-8085-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "MEM 最大使用统计", + "visState": "{\"title\":\"MEM 最大使用统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":true,\"max\":100,\"min\":0},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.mem.used\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\"
:false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"服务器\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + }, + { + "_id": "ad133180-8086-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "硬盘最大使用统计", + "visState": "{\"title\":\"硬盘最大使用统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-2\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":true,\"max\":100,\"min\":0},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.disk.used\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.disk.partition\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Mis
sing\",\"size\":20,\"order\":\"asc\",\"orderBy\":\"_term\",\"customLabel\":\"分区\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"服务器\",\"row\":false}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "0ed18e70-7f70-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "磁盘 TPS 趋势", + "visState": "{\"title\":\"磁盘 TPS 趋势\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"legendPosition\":\"right\",\"radiusRatio\":77,\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"次数\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":4,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"次数\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.io.tps\",\"customLabel\":\"次数\"}},{\"id\":\"2\",\"enabled\":true,\"type\
":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"monitor.io.dev\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"磁盘\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[{\"meta\":{\"index\":\"c9e95990-7ac5-11e9-ad88-85624cce68b5\",\"negate\":false,\"disabled\":true,\"alias\":null,\"type\":\"phrase\",\"key\":\"beat.hostname\",\"value\":\"mysql111\",\"params\":{\"query\":\"mysql111\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"beat.hostname\":{\"query\":\"mysql111\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" + } + } + }, + { + "_id": "2b5e0b20-8085-11e9-ad88-85624cce68b5", + "_type": "visualization", + "_source": { + "title": "CPU 最小空闲统计", + "visState": "{\"title\":\"CPU 
最小空闲统计\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":true,\"setYExtents\":true,\"max\":100,\"min\":0},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"%\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"%\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"monitor.cpu.idle\",\"customLabel\":\"%\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"beat.hostname\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"服务器\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"bb85dde0-09d4-11e9-b283-47528513fd78\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + } + } + } +] \ No newline at end of file diff --git a/pipelines/java.json b/pipelines/java.json new file mode 100644 index 0000000..2ff2907 --- /dev/null +++ b/pipelines/java.json 
@@ -0,0 +1,48 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/java -d '
+{
+ "description" : "java",
+ "processors" : [
+ {
+ "grok" : {
+ "field" : "message",
+ "patterns" : [
+ "^%{JAVA_TIME:java.log.time}-\\[%{DATA:java.process}\\]-%{WORD:java.log.level}\\[%{DATA:java.thead}\\]%{WORD:java.class}\\.%{WORD:java.function}\\((?:%{NUMBER:java.line_num}|\\?)\\) \\| %{CONTENT:java.log.content}"
+ ],
+ "pattern_definitions" : {
+ "JAVA_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]",
+ "CONTENT" : "(.*\n?)*"
+ },
+ "ignore_missing" : true,
+ "ignore_failure" : true
+ }
+ },
+ {
+ "rename" : {
+ "field" : "@timestamp",
+ "target_field" : "read_timestamp"
+ }
+ },
+ {
+ "date" : {
+ "formats" : [
+ "YYYY-MM-dd H:m:s"
+ ],
+ "timezone" : "Asia/Shanghai",
+ "field" : "java.log.time",
+ "target_field" : "@timestamp",
+ "ignore_failure" : true
+ }
+ },
+ {
+ "remove" : {
+ "field" : "java.log.time",
+ "ignore_failure" : true
+ }
+ },
+ {
+ "remove" : {
+ "field" : "message"
+ }
+ }
+ ]
+}'
diff --git a/pipelines/monitor-conn.json b/pipelines/monitor-conn.json
new file mode 100644
index 0000000..eb0fe82
--- /dev/null
+++ b/pipelines/monitor-conn.json
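Review bot: In pipelines/java.json, a log line that does not match the grok pattern is indexed with its raw text gone, because the grok processor sets `"ignore_failure" : true` and the final `remove` of `message` runs unconditionally. To keep the original for later investigation, drop `ignore_failure` from the grok processor and add a pipeline-level handler such as `"on_failure" : [ { "set" : { "field" : "error.message", "value" : "{{ _ingest.on_failure_message }}" } } ]`, which skips the remaining processors and leaves `message` in place. The `CONTENT` definition `(.*\n?)*` nests one quantifier inside another and can backtrack heavily on long input that does not match; a single multi-line-aware match would be cheaper. The capture name `java.thead` looks like a typo for `java.thread`.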
@@ -0,0 +1,52 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-conn -d '
+{
+ "description": "monitor-conn",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "patterns": [
+ "^%{MONITOR_TIME:monitor.time} %{HOSTNAME:monitor.conn.server} %{NUMBER:monitor.conn.port} %{NUMBER:monitor.conn.count}"
+ ],
+ "pattern_definitions" : {
+ "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
+ },
+ "ignore_missing" : true,
+ "ignore_failure" : true
+ }
+ },
+ {
+ "rename" : {
+ "field" : "@timestamp",
+ "target_field" : "read_timestamp"
+ }
+ },
+ {
+ "date" : {
+ "formats" : [
+ "YYYY-MM-dd H:m:s"
+ ],
+ "timezone" : "Asia/Shanghai",
+ "field" : "monitor.time",
+ "target_field" : "@timestamp",
+ "ignore_failure" : true
+ }
+ },
+ {
+ "convert": {
+ "field": "monitor.conn.count",
+ "type": "integer"
+ }
+ },
+ {
+ "remove": {
+ "field": "monitor.time"
+ }
+ },
+ {
+ "remove": {
+ "field": "message"
+ }
+ }
+ ]
+ }'
diff --git a/pipelines/monitor-cpu.json b/pipelines/monitor-cpu.json
new file mode 100644
index 0000000..c3bfdc1
--- /dev/null
+++ b/pipelines/monitor-cpu.json
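Review bot: The `convert` on `monitor.conn.count` and the `remove` of `monitor.time` have no failure handling, although the grok feeding them is allowed to fail silently (`"ignore_failure" : true`); on a non-matching line the field is absent, `convert` raises, and the document is rejected instead of indexed. Either let grok fail loudly and add a pipeline-level `on_failure` that records `{{ _ingest.on_failure_message }}`, or add `"ignore_missing": true` to the convert and `"ignore_failure": true` to the remove. The monitor-cpu, -disk, -io, -kafka, -mem, -net, -ping and -proc pipelines repeat this sequence. The date format `YYYY-MM-dd H:m:s` should also be checked against the target Elasticsearch version: under java.time-based formats `YYYY` is the week-based year, and `yyyy` is the calendar year.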
@@ -0,0 +1,70 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-cpu -d ' +{ + "description": "monitor-cpu", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{NUMBER:monitor.cpu.user} %{NUMBER:monitor.cpu.system} %{NUMBER:monitor.cpu.wait} %{NUMBER:monitor.cpu.idle}" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.cpu.user", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.cpu.system", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.cpu.wait", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.cpu.idle", + "type": "float" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/monitor-disk.json b/pipelines/monitor-disk.json new file mode 100644 index 0000000..d945adc --- /dev/null +++ b/pipelines/monitor-disk.json 
@@ -0,0 +1,52 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-disk -d ' +{ + "description": "monitor-disk", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.disk.partition} %{NUMBER:monitor.disk.used}" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.disk.used", + "type": "float" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/monitor-io.json b/pipelines/monitor-io.json new file mode 100644 index 0000000..8b7b1da --- /dev/null +++ b/pipelines/monitor-io.json 
@@ -0,0 +1,76 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-io -d ' +{ + "description": "monitor-io", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.io.dev} %{NUMBER:monitor.io.tps} %{NUMBER:monitor.io.rd} %{NUMBER:monitor.io.wr} %{NUMBER:monitor.io.wait} %{NUMBER:monitor.io.util}" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.io.tps", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.io.rd", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.io.wr", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.io.wait", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.io.util", + "type": "float" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/monitor-kafka.json b/pipelines/monitor-kafka.json new file mode 100644 index 0000000..fb149d6 --- /dev/null +++ b/pipelines/monitor-kafka.json 
@@ -0,0 +1,70 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-kafka?pretty -d ' +{ + "description": "monitor-kafka", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.kafka.topic} %{NUMBER:monitor.kafka.partition} %{NUMBER:monitor.kafka.current_offset} %{NUMBER:monitor.kafka.end_offset} %{NUMBER:monitor.kafka.lag} %{HOSTNAME:monitor.kafka.client_host} %{DATA:monitor.kafka.consumer_group}$" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.kafka.partition", + "type": "integer" + } + }, + { + "convert": { + "field": "monitor.kafka.current_offset", + "type": "integer" + } + }, + { + "convert": { + "field": "monitor.kafka.end_offset", + "type": "integer" + } + }, + { + "convert": { + "field": "monitor.kafka.lag", + "type": "integer" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/monitor-mem.json b/pipelines/monitor-mem.json new file mode 100644 index 0000000..47f201c --- /dev/null +++ b/pipelines/monitor-mem.json 
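Review bot: Kafka offsets are 64-bit, but `monitor.kafka.current_offset`, `monitor.kafka.end_offset` and `monitor.kafka.lag` are converted with `"type": "integer"`, which is a 32-bit parse; once a partition passes 2147483647 the convert fails and, with no failure handling on it, the document is lost. Use `"type": "long"` for these three fields where the convert processor of the target version offers it, or leave them unconverted and map them as `long` in the index template.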
@@ -0,0 +1,70 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-mem -d ' +{ + "description": "monitor-mem", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{NUMBER:monitor.mem.used} %{NUMBER:monitor.mem.free} %{NUMBER:monitor.mem.buffers} %{NUMBER:monitor.mem.cache}" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.mem.used", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.mem.free", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.mem.buffers", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.mem.cache", + "type": "float" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/monitor-net.json b/pipelines/monitor-net.json new file mode 100644 index 0000000..36bd90a --- /dev/null +++ b/pipelines/monitor-net.json 
@@ -0,0 +1,58 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-net -d ' +{ + "description": "monitor-net", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.net.dev} %{NUMBER:monitor.net.rx} %{NUMBER:monitor.net.tx}" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.net.rx", + "type": "float" + } + }, + { + "convert": { + "field": "monitor.net.tx", + "type": "float" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/monitor-ping.json b/pipelines/monitor-ping.json new file mode 100644 index 0000000..f82798c --- /dev/null +++ b/pipelines/monitor-ping.json 
@@ -0,0 +1,52 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-ping -d ' +{ + "description": "monitor-ping", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{HOSTNAME:monitor.ping.server} %{DATA:monitor.ping.state} %{NUMBER:monitor.ping.state_code}" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.ping.state_code", + "type": "integer" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/monitor-proc.json b/pipelines/monitor-proc.json new file mode 100644 index 0000000..e274187 --- /dev/null +++ b/pipelines/monitor-proc.json 
@@ -0,0 +1,52 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-proc -d ' +{ + "description": "monitor-proc", + "processors": [ + { + "grok": { + "field": "message", + "patterns": [ + "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.proc.type}#%{DATA:monitor.proc.proc}#%{DATA:monitor.proc.state}#%{NUMBER:monitor.proc.state_code}" + ], + "pattern_definitions" : { + "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "YYYY-MM-dd H:m:s" + ], + "timezone" : "Asia/Shanghai", + "field" : "monitor.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "convert": { + "field": "monitor.proc.state_code", + "type": "integer" + } + }, + { + "remove": { + "field": "monitor.time" + } + }, + { + "remove": { + "field": "message" + } + } + ] + }' diff --git a/pipelines/mysql-slow.json b/pipelines/mysql-slow.json new file mode 100644 index 0000000..61df486 --- /dev/null +++ b/pipelines/mysql-slow.json 
@@ -0,0 +1,38 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/mysql-slow -d ' +{ + "description" : "mysql-slow", + "processors" : [ + { + "grok" : { + "field" : "message", + "patterns" : [ + "^# Time: %{DATA:mysql.slowlog.exec_time}\n# User@Host: (?:%{USER:mysql.slowlog.user}|)\\[(?:%{USER:mysql.slowlog.user}|)\\] @ (?:%{HOSTNAME:mysql.slowlog.ip}|) \\[(?:%{HOSTNAME:mysql.slowlog.ip}|)\\][^#]*# Query_time: %{NUMBER:mysql.slowlog.query_time.sec} Lock_time: %{NUMBER:mysql.slowlog.lock_time.sec} Rows_sent: %{NUMBER:mysql.slowlog.rows_sent} Rows_examined: %{NUMBER:mysql.slowlog.rows_examined}\n%{SQLS:mysql.slowlog.query}" + ], + "pattern_definitions" : { + "SQLS" : "(.*\n?)*" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "rename" : { + "field" : "mysql.slowlog.exec_time", + "target_field" : "@timestamp", + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "remove" : { + "field" : "message" + } + } + ] +}' diff --git a/pipelines/nginx-access-with-geoip.json b/pipelines/nginx-access-with-geoip.json new file mode 100644 index 0000000..df1e14f --- /dev/null +++ b/pipelines/nginx-access-with-geoip.json 
@@ -0,0 +1,81 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/nginx-access -d '
+{
+ "description" : "nginx-access",
+ "processors" : [
+ {
+ "grok" : {
+ "field" : "message",
+ "patterns" : [
+ "^%{DATA:nginx.access.remote_ip} - \\[%{HTTPDATE:nginx.access.time}\\] \"%{WORD:nginx.access.method} %{DATA:nginx.access.url}\" \"%{DATA:nginx.access.args}\" \"%{DATA:nginx.access.request_body}\" %{NUMBER:nginx.access.response_code} %{NUMBER:nginx.access.body_sent.bytes} \"%{DATA:nginx.access.referrer}\" \"%{DATA:nginx.access.agent}\" \"%{DATA:nginx.access.x_forward_for}\""
+ ],
+ "ignore_missing" : true,
+ "ignore_failure" : true
+ }
+ },
+ {
+ "geoip" : {
+ "field" : "nginx.access.remote_ip",
+ "target_field" : "nginx.access.geoip",
+ "ignore_missing" : true,
+ "ignore_failure" : true
+ }
+ },
+ {
+ "rename" : {
+ "field" : "@timestamp",
+ "target_field" : "read_timestamp"
+ }
+ },
+ {
+ "date" : {
+ "formats" : [
+ "dd/MMM/YYYY:H:m:s Z"
+ ],
+ "timezone" : "Asia/Shanghai",
+ "field" : "nginx.access.time",
+ "target_field" : "@timestamp",
+ "ignore_failure" : true
+ }
+ },
+ {
+ "grok" : {
+ "field" : "nginx.access.agent",
+ "patterns" : [
+ "%{ANDROID:nginx.access.os}",
+ "%{LINUX:nginx.access.os}",
+ "%{IOS:nginx.access.os}",
+ "%{MACOSX:nginx.access.os}",
+ "%{WINDOWS:nginx.access.os}",
+ "%{DARWIN:nginx.access.os}",
+ "%{SOGOU:nginx.access.os}",
+ "%{BINGBOT:nginx.access.os}",
+ "%{OFFICE:nginx.access.os}"
+ ],
+ "pattern_definitions" : {
+ "ANDROID" : "Android *[0-9]*",
+ "LINUX" : "Linux (x86_64|i386|i686)",
+ "IOS" : "OS [0-9]+",
+ "MACOSX" : "Mac OS X [0-9]+",
+ "WINDOWS" : "Windows NT [0-9.]+",
+ "DARWIN" : "Darwin",
+ "SOGOU" : "Sogou web spider",
+ "BINGBOT" : "bingbot",
+ "OFFICE" : "Microsoft Office [^ ]*"
+ },
+ "ignore_missing" : true,
+ "ignore_failure" : true
+ }
+ },
+ {
+ "remove" : {
+ "field" : "nginx.access.time",
+ "ignore_failure" : true
+ }
+ },
+ {
+ "remove" : {
+ "field" : "message"
+ }
+ }
+ ]
+}'
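Review bot: This file registers its pipeline under the same id, `_ingest/pipeline/nginx-access`, as pipelines/nginx-access.json, so whichever PUT runs last silently replaces the other and the geoip step may or may not be active. Give this variant its own id (for example `nginx-access-geoip`) and point the prospector at the one intended, or keep a single file. Separately, the first grok keeps `nginx.access.request_body` and `nginx.access.args` as indexed fields; request bodies and query strings routinely carry passwords and session tokens, so either drop or mask those fields before indexing or document who may read the resulting index. Both points apply to pipelines/nginx-access.json as well.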
diff --git a/pipelines/nginx-access.json b/pipelines/nginx-access.json new file mode 100644 index 0000000..f4136df --- /dev/null +++ b/pipelines/nginx-access.json @@ -0,0 +1,73 @@ +curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/nginx-access -d ' +{ + "description" : "nginx-access", + "processors" : [ + { + "grok" : { + "field" : "message", + "patterns" : [ + "^%{DATA:nginx.access.remote_ip} - \\[%{HTTPDATE:nginx.access.time}\\] \"%{WORD:nginx.access.method} %{DATA:nginx.access.url}\" \"%{DATA:nginx.access.args}\" \"%{DATA:nginx.access.request_body}\" %{NUMBER:nginx.access.response_code} %{NUMBER:nginx.access.body_sent.bytes} \"%{DATA:nginx.access.referrer}\" \"%{DATA:nginx.access.agent}\" \"%{DATA:nginx.access.x_forward_for}\"" + ], + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "rename" : { + "field" : "@timestamp", + "target_field" : "read_timestamp" + } + }, + { + "date" : { + "formats" : [ + "dd/MMM/YYYY:H:m:s Z" + ], + "timezone" : "Asia/Shanghai", + "field" : "nginx.access.time", + "target_field" : "@timestamp", + "ignore_failure" : true + } + }, + { + "grok" : { + "field" : "nginx.access.agent", + "patterns" : [ + "%{ANDROID:nginx.access.os}", + "%{LINUX:nginx.access.os}", + "%{IOS:nginx.access.os}", + "%{MACOSX:nginx.access.os}", + "%{WINDOWS:nginx.access.os}", + "%{DARWIN:nginx.access.os}", + "%{SOGOU:nginx.access.os}", + "%{BINGBOT:nginx.access.os}", + "%{OFFICE:nginx.access.os}" + ], + "pattern_definitions" : { + "ANDROID" : "Android *[0-9]*", + "LINUX" : "Linux (x86_64|i386|i686)", + "IOS" : "OS [0-9]+", + "MACOSX" : "Mac OS X [0-9]+", + "WINDOWS" : "Windows NT [0-9.]+", + "DARWIN" : "Darwin", + "SOGOU" : "Sogou web spider", + "BINGBOT" : "bingbot", + "OFFICE" : "Microsoft Office [^ ]*" + }, + "ignore_missing" : true, + "ignore_failure" : true + } + }, + { + "remove" : { + "field" : "nginx.access.time", + "ignore_failure" : true + } + }, + { + "remove" : { + "field" : "message" + } + } + ] +}' 
diff --git a/pipelines/secure-login.json b/pipelines/secure-login.json
new file mode 100644
index 0000000..bc4fb44
--- /dev/null
+++ b/pipelines/secure-login.json
@@ -0,0 +1,51 @@
+curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/secure-login -d '
+{
+ "description" : "secure-login",
+ "processors" : [
+ {
+ "grok" : {
+ "field" : "message",
+ "patterns" : [
+ "^%{LOGIN_TIME:login.time} [^ ]+ %{WORD:login.method}.*: %{RESULT:login.result} %{WORD:login.user} from %{HOSTNAME:login.rhost}",
+ "^%{LOGIN_TIME:login.time} [^ ]+ %{WORD:login.method}.*: %{RESULT:login.result} for %{WORD:login.user} from %{HOSTNAME:login.rhost}",
+ "^%{LOGIN_TIME:login.time} [^ ]+ %{WORD:login.method}.*: %{RESULT:login.result}; .*ruser=(?:%{WORD:login.ruser}|) rhost=(?:%{HOSTNAME:login.rhost}|) user=%{WORD:login.user}"
+ ],
+ "pattern_definitions" : {
+ "LOGIN_TIME" : "[^ ]+ ?[^ ]+ [^ ]+",
+ "RESULT" : "Invalid user|Accepted publickey|Accepted password|authentication failure"
+ },
+ "ignore_missing" : true,
+ "ignore_failure" : true
+ }
+ },
+ {
+ "rename" : {
+ "field" : "@timestamp",
+ "target_field" : "read_timestamp"
+ }
+ },
+ {
+ "date" : {
+ "formats" : [
+ "MMM d HH:mm:ss",
+ "MMM dd HH:mm:ss"
+ ],
+ "timezone" : "Asia/Shanghai",
+ "field" : "login.time",
+ "target_field" : "@timestamp",
+ "ignore_failure" : true
+ }
+ },
+ {
+ "remove" : {
+ "field" : "login.time",
+ "ignore_failure" : true
+ }
+ },
+ {
+ "remove" : {
+ "field" : "message"
+ }
+ }
+ ]
+}'
diff --git a/prospectors.d/java.yml b/prospectors.d/java.yml
new file mode 100644
index 0000000..6377d10
--- /dev/null
+++ b/prospectors.d/java.yml
@@ -0,0 +1,13 @@
+#------------------------------ Java Log -------------------------------
+- type: log
+ enabled: true
+ paths:
+ - /xxxx/logs/*/*.log
+ multiline.pattern: "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9]"
+ multiline.negate: true
+ multiline.match: after
+ multiline.max_lines: 400
+ multiline.timeout: 4s
+ tail_files: false
+ pipeline: java
+
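Review bot: In pipelines/secure-login.json, `%{WORD:login.user}` matches word characters only and `%{HOSTNAME:login.rhost}` cannot match an IPv6 address, so a login line with a user name such as `svc-backup` or an IPv6 peer fails all three patterns; because grok has `ignore_failure` and the final `remove` of `message` is unconditional, that authentication event is then stored with no user, no source host and no raw text. Using `%{NOTSPACE:login.user}` and `%{IPORHOST:login.rhost}` and keeping `message` when grok fails would close that gap. The `RESULT` alternation, and the matching `include_lines` list in prospectors.d/secure.yml, also has no `Failed password` entry, which is the line sshd writes for a wrong password on an existing account; if leaving it out is intentional, a comment should say so.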
diff --git a/prospectors.d/monitor-conn.yml b/prospectors.d/monitor-conn.yml new file mode 100644 index 0000000..3bb56be --- /dev/null +++ b/prospectors.d/monitor-conn.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor Port ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/conn-*.log + tail_files: false + pipeline: monitor-conn + diff --git a/prospectors.d/monitor-cpu.yml b/prospectors.d/monitor-cpu.yml new file mode 100644 index 0000000..37da331 --- /dev/null +++ b/prospectors.d/monitor-cpu.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor CPU ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/cpu-*.log + tail_files: false + pipeline: monitor-cpu + diff --git a/prospectors.d/monitor-disk.yml b/prospectors.d/monitor-disk.yml new file mode 100644 index 0000000..a80ee3a --- /dev/null +++ b/prospectors.d/monitor-disk.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor Disk ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/disk-*.log + tail_files: false + pipeline: monitor-disk + diff --git a/prospectors.d/monitor-io.yml b/prospectors.d/monitor-io.yml new file mode 100644 index 0000000..d31c4a2 --- /dev/null +++ b/prospectors.d/monitor-io.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor IO ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/io-*.log + tail_files: false + pipeline: monitor-io + diff --git a/prospectors.d/monitor-kafka.yml b/prospectors.d/monitor-kafka.yml new file mode 100644 index 0000000..b9698ac --- /dev/null +++ b/prospectors.d/monitor-kafka.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor Kafka ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/kafka-*.log + tail_files: false + pipeline: monitor-kafka + 
diff --git a/prospectors.d/monitor-mem.yml b/prospectors.d/monitor-mem.yml new file mode 100644 index 0000000..01f356c --- /dev/null +++ b/prospectors.d/monitor-mem.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor MEM ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/mem-*.log + tail_files: false + pipeline: monitor-mem + diff --git a/prospectors.d/monitor-net.yml b/prospectors.d/monitor-net.yml new file mode 100644 index 0000000..94a4552 --- /dev/null +++ b/prospectors.d/monitor-net.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor NET ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/net-*.log + tail_files: false + pipeline: monitor-net + diff --git a/prospectors.d/monitor-ping.yml b/prospectors.d/monitor-ping.yml new file mode 100644 index 0000000..7756754 --- /dev/null +++ b/prospectors.d/monitor-ping.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor Ping ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/ping-*.log + tail_files: false + pipeline: monitor-ping + diff --git a/prospectors.d/monitor-proc.yml b/prospectors.d/monitor-proc.yml new file mode 100644 index 0000000..d42c3cd --- /dev/null +++ b/prospectors.d/monitor-proc.yml @@ -0,0 +1,8 @@ +#---------------------------- Monitor Proc ----------------------------- +- type: log + enabled: true + paths: + - /var/log/monitor/proc-*.log + tail_files: false + pipeline: monitor-proc + diff --git a/prospectors.d/mysql.yml b/prospectors.d/mysql.yml new file mode 100644 index 0000000..cf99f25 --- /dev/null +++ b/prospectors.d/mysql.yml 
@@ -0,0 +1,24 @@
+#------------------------------- MySQL Log -------------------------------
+- type: log
+ enabled: true
+ paths:
+ - /var/log/mysqld/slow.log
+ multiline.pattern: "^# Time|^/usr/sbin/mysqld"
+ multiline.negate: true
+ multiline.match: after
+ multiline.max_lines: 400
+ multiline.timeout: 4s
+ tail_files: false
+ pipeline: mysql-slow
+- type: log
+ enabled: true
+ paths:
+ - /var/log/mysqld/error.log
+ include_lines: "[[Error]]"
+ multiline.pattern: "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9]T"
+ multiline.negate: true
+ multiline.match: after
+ multiline.max_lines: 400
+ multiline.timeout: 4s
+ tail_files: false
+
diff --git a/prospectors.d/nginx.yml b/prospectors.d/nginx.yml
new file mode 100644
index 0000000..3d8ca13
--- /dev/null
+++ b/prospectors.d/nginx.yml
@@ -0,0 +1,16 @@
+#------------------------------- Nginx Log -------------------------------
+- type: log
+ enabled: true
+ paths:
+ - /var/log/nginx/access.log
+ - /var/log/nginx/access-illegal.log
+ exclude_lines: ["favicon.ico"]
+ tail_files: false
+ pipeline: nginx-access
+- type: log
+ enabled: true
+ paths:
+ - /var/log/nginx/error.log
+ exclude_lines: ["favicon.ico"]
+ tail_files: false
+
diff --git a/prospectors.d/secure.yml b/prospectors.d/secure.yml
new file mode 100644
index 0000000..123d9bc
--- /dev/null
+++ b/prospectors.d/secure.yml
@@ -0,0 +1,9 @@
+#------------------------------ Secure Log -------------------------------
+- type: log
+ enabled: true
+ paths:
+ - /var/log/secure
+ include_lines: [": Invalid user ", ": Accepted password ", ": Accepted publickey ", ": authentication failure;"]
+ tail_files: false
+ pipeline: secure-login
+
diff --git a/scripts/Monitor.service b/scripts/Monitor.service
new file mode 100644
index 0000000..fc4c862
--- /dev/null
+++ b/scripts/Monitor.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Monitor
+
+[Service]
+ExecStart=/opt/scripts/Monitor.sh
+TimeoutStopSec=8
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+
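Review bot: In prospectors.d/mysql.yml, `include_lines: "[[Error]]"` is read as a regular expression, where `[[Error]` is a character class and the trailing `]` a literal, so it selects any line in which `[`, `E`, `r` or `o` is followed by `]` rather than lines tagged as errors. It is also a scalar where the other prospectors pass a list. Something like `include_lines: ['\[ERROR\]']` states the intent; which letter case the server writes should be checked against a real error.log before relying on it, since a filter that matches nothing means error events never reach the index.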
diff --git a/scripts/Monitor.sh b/scripts/Monitor.sh
new file mode 100755
index 0000000..a63aaf8
--- /dev/null
+++ b/scripts/Monitor.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+INTERVAL=2
+
+function Init {
+ local self_count=$(pgrep -cx "$(basename $0)")
+ [ 0 -eq $? ] || exit 1
+ [ 1 -eq $self_count ] || exit 1
+ type sar > /dev/null || exit 1
+}
+
+function Main {
+ cd $(dirname $0) || exit 1
+ while sleep $INTERVAL; do
+ for proc in $(find . -type f -name "mon_*" \
+ -executable); do
+ $proc &
+ done
+ done
+}
+
+# start
+Init
+Main
+
diff --git a/scripts/conn.list b/scripts/conn.list
new file mode 100644
index 0000000..dbb4a9f
--- /dev/null
+++ b/scripts/conn.list
@@ -0,0 +1 @@
+localhost:5000
diff --git a/scripts/mon_conn b/scripts/mon_conn
new file mode 100755
index 0000000..11d508b
--- /dev/null
+++ b/scripts/mon_conn
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+ADDR_FILE="$(dirname $0)/conn.list"
+LOG_PATH="/var/log/monitor"
+LOG_NAME="conn"
+INTERVAL=60
+
+function Init {
+ local self_count=$(pgrep -cx "$(basename $0)")
+ [ 0 -eq $? ] || exit 1
+ [ 1 -eq $self_count ] || exit 1
+ mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+ local msg="$1"
+ local log_time="$(date +'%F %T')"
+ local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+ echo "$log_time $msg" >> $log_file
+ cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+ | head -n -7 | xargs rm -f
+}
+
+function CountAddrConn {
+ local addr=$1
+ local server="${addr%:*}"
+ local port="${addr#*:}"
+ local count=0
+ if [ 'localhost' = "$server" ]; then
+ count=$(ss -anpt | awk '{print $4}' \
+ | grep -c ":$port$")
+ else
+ count=$(ss -anpt | awk '{print $5}' \
+ | grep -c "$addr$")
+ fi
+ echo "$server $port $count"
+}
+
+function Main {
+ local addr=
+ sleep $INTERVAL
+ for addr in $(cat $ADDR_FILE); do
+ Log "$(CountAddrConn $addr)"
+ done
+}
+
+# start
+Init
+Main
+
diff --git a/scripts/mon_cpu b/scripts/mon_cpu
new file mode 100755
index 0000000..0b3f08d
--- /dev/null
+++ b/scripts/mon_cpu
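Review bot: `Main` in scripts/Monitor.sh launches every executable file named `mon_*` found anywhere below the script directory, once per `$INTERVAL`, with the privileges of the unit, and scripts/Monitor.service sets no `User=`, so that is root by default. Any account able to create a file in that directory or a subdirectory therefore gets its file run in that context. Limit the search to the directory itself and quote the result, `for proc in $(find . -maxdepth 1 -type f -name "mon_*" -executable); do "$proc" & done`, and state in the README that /opt/scripts must be root-owned and not group- or world-writable. If the collectors do not need root, `User=` plus `NoNewPrivileges=true` in the unit would narrow the exposure further.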
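Review bot: In `Init` of scripts/mon_conn, `[ 0 -eq $? ] || exit 1` tests the exit status of `local`, not of `pgrep`, because `local self_count=$(…)` returns 0 whatever the command substitution did; the check can never fire. Declare and assign separately: `local self_count` followed by `self_count=$(pgrep -cx "$(basename "$0")") || exit 1`. The same `Init` is copied into scripts/Monitor.sh and the other mon_* scripts, and the `local log_time="$(…)"` lines in `Log` mask failures the same way.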
@@ -0,0 +1,38 @@ +#!/bin/bash + +export LANG=en_US.UTF-8 +LOG_PATH="/var/log/monitor" +LOG_NAME="cpu" +INTERVAL=60 + +function Init { + local self_count=$(pgrep -cx "$(basename $0)") + [ 0 -eq $? ] || exit 1 + [ 1 -eq $self_count ] || exit 1 + type sar > /dev/null || exit 1 + mkdir -p $LOG_PATH || exit 1 +} + +function Log { + local msg="$1" + local log_time="$(date +'%F %T')" + local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log" + echo "$log_time $msg" >> $log_file + cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \ + | head -n -7 | xargs rm -f +} + +function GetCPULoad { + top -b -n 1 | sed -n '3p' | sed 's/^.*://' | tr , ' ' \ + | awk '{print $1,$3,$9,$7}' +} + +function Main { + sleep $INTERVAL + Log "$(GetCPULoad)" +} + +# start +Init +Main + diff --git a/scripts/mon_disk b/scripts/mon_disk new file mode 100755 index 0000000..ee8d4e1 --- /dev/null +++ b/scripts/mon_disk @@ -0,0 +1,39 @@ +#!/bin/bash + +export LANG=en_US.UTF-8 +LOG_PATH="/var/log/monitor" +LOG_NAME="disk" +INTERVAL=300 + +function Init { + local self_count=$(pgrep -cx "$(basename $0)") + [ 0 -eq $? ] || exit 1 + [ 1 -eq $self_count ] || exit 1 + mkdir -p $LOG_PATH || exit 1 +} + +function Log { + local msg="$1" + local log_time="$(date +'%F %T')" + local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log" + echo "$log_time $msg" >> $log_file + cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \ + | head -n -7 | xargs rm -f +} + +function GetDiskInfo { + df | grep '^/dev/' \ + | awk '{print $1,substr($5,0,length($5)-1)}' +} + +function Main { + sleep $INTERVAL + GetDiskInfo|while read line; do + Log "$line" + done +} + +# start +Init +Main + diff --git a/scripts/mon_io b/scripts/mon_io new file mode 100755 index 0000000..87deac6 --- /dev/null +++ b/scripts/mon_io 
@@ -0,0 +1,42 @@ +#!/bin/bash + +export LANG=en_US.UTF-8 +LOG_PATH="/var/log/monitor" +LOG_NAME="io" +SAR_INTERVAL=20 +SAR_COUNT=6 + +function Init { + local self_count=$(pgrep -cx "$(basename $0)") + [ 0 -eq $? ] || exit 1 + [ 1 -eq $self_count ] || exit 1 + type sar > /dev/null || exit 1 + mkdir -p $LOG_PATH || exit 1 +} + +function Log { + local msg="$1" + local log_time="$(date +'%F %T')" + local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log" + echo "$log_time $msg" >> $log_file + cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \ + | head -n -7 | xargs rm -f +} + +function GetIOInfo { + sar -dp $SAR_INTERVAL $SAR_COUNT | grep '^Average' \ + | tail -n +2 \ + | awk '{print $2,$3,-$4/2,$5/2,$8,$10}' +} + +function Main { + local line= + GetIOInfo | while read line; do + Log "$line" + done +} + +# start +Init +Main + diff --git a/scripts/mon_kafka b/scripts/mon_kafka new file mode 100755 index 0000000..b9be250 --- /dev/null +++ b/scripts/mon_kafka 
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+export JAVA_HOME=/opt/jre
+export PATH=$JAVA_HOME/bin:$PATH
+LOG_PATH="/var/log/monitor"
+LOG_NAME="kafka"
+INTERVAL=60
+KAFKA_ROOT="/opt/kafka"
+KAFKA_SERVERS="10.0.4.104:9092,10.0.4.105:9092,10.0.4.106:9092"
+
+function Init {
+ local self_count=$(pgrep -cx "$(basename $0)")
+ [ 0 -eq $? ] || exit 1
+ [ 1 -eq $self_count ] || exit 1
+ mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+ local msg="$1"
+ local log_time="$(date +'%F %T')"
+ local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+ echo "$log_time $msg" >> $log_file
+ cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+ | head -n -7 | xargs rm -f
+}
+
+function GetKafkaInfo {
+ local consumer_group=
+ cd $KAFKA_ROOT/bin || return 1
+ for consumer_group in $(./kafka-consumer-groups.sh \
+ --bootstrap-server $KAFKA_SERVERS --list); do
+ ./kafka-consumer-groups.sh \
+ --bootstrap-server $KAFKA_SERVERS \
+ --group $consumer_group --describe \
+ | tail -n +3 | awk '$7 !~ /^-$/{print $1,$2,
+ $3,$4,$5,substr($7,2),"'$consumer_group'"}'
+ done
+}
+
+function Main {
+ sleep $INTERVAL
+ GetKafkaInfo|while read line; do
+ Log "$line"
+ done
+}
+
+# start
+Init
+Main
+
diff --git a/scripts/mon_mem b/scripts/mon_mem
new file mode 100755
index 0000000..24128b8
--- /dev/null
+++ b/scripts/mon_mem
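Review bot: In `GetKafkaInfo`, `"'$consumer_group'"` pastes the group name into the awk program text, and that name comes from the broker's `--list` output, which any client allowed to join the cluster can influence; a name containing a quote or awk syntax changes the program that this script runs. Pass the name as data instead, `awk -v grp="$consumer_group" '$7 !~ /^-$/{print $1,$2,$3,$4,$5,substr($7,2),grp}'`, and quote it in `--group "$consumer_group"`. `KAFKA_SERVERS` also hard-codes internal broker addresses in the repository; reading them from a local list file, as mon_conn and mon_ping do for their targets, keeps them out of version control.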
@@ -0,0 +1,38 @@ +#!/bin/bash + +export LANG=en_US.UTF-8 +LOG_PATH="/var/log/monitor" +LOG_NAME="mem" +INTERVAL=60 + +function Init { + local self_count=$(pgrep -cx "$(basename $0)") + [ 0 -eq $? ] || exit 1 + [ 1 -eq $self_count ] || exit 1 + mkdir -p $LOG_PATH || exit 1 +} + +function Log { + local msg="$1" + local log_time="$(date +'%F %T')" + local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log" + echo "$log_time $msg" >> $log_file + cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \ + | head -n -7 | xargs rm -f +} + +function GetMEMInfo { + free -w | grep '^Mem' \ + | awk '{printf "%.2f %.2f %.2f %.2f\n",$3*100/$2, + $4*100/$2,$6*100/$2,$7*100/$2}' +} + +function Main { + sleep $INTERVAL + Log "$(GetMEMInfo)" +} + +# start +Init +Main + diff --git a/scripts/mon_net b/scripts/mon_net new file mode 100755 index 0000000..12b29b8 --- /dev/null +++ b/scripts/mon_net @@ -0,0 +1,41 @@ +#!/bin/bash + +export LANG=en_US.UTF-8 +LOG_PATH="/var/log/monitor" +LOG_NAME="net" +SAR_INTERVAL=50 +SAR_COUNT=6 + +function Init { + local self_count=$(pgrep -cx "$(basename $0)") + [ 0 -eq $? ] || exit 1 + [ 1 -eq $self_count ] || exit 1 + type sar > /dev/null || exit 1 + mkdir -p $LOG_PATH || exit 1 +} + +function Log { + local msg="$1" + local log_time="$(date +'%F %T')" + local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log" + echo "$log_time $msg" >> $log_file + cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \ + | head -n -7 | xargs rm -f +} + +function GetNetInfo { + sar -n DEV $SAR_INTERVAL $SAR_COUNT | grep '^Average' \ + | tail -n +2 | awk '{print $2,$5,-$6}' +} + +function Main { + local line= + GetNetInfo | while read line; do + Log "$line" + done +} + +# start +Init +Main + diff --git a/scripts/mon_ping b/scripts/mon_ping new file mode 100755 index 0000000..660546b --- /dev/null +++ b/scripts/mon_ping 
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+PING_FILE="$(dirname $0)/ping.list"
+LOG_PATH="/var/log/monitor"
+LOG_NAME="ping"
+INTERVAL=120
+
+function Init {
+ local self_count=$(pgrep -cx "$(basename $0)")
+ [ 0 -eq $? ] || exit 1
+ [ 1 -eq $self_count ] || exit 1
+ type fping > /dev/null || exit 1
+ mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+ local msg="$1"
+ local log_time="$(date +'%F %T')"
+ local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+ echo "$log_time $msg" >> $log_file
+ cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+ | head -n -7 | xargs rm -f
+}
+
+function GetPingInfo {
+ fping -A -f $PING_FILE \
+ | awk '{print $1,$3,"alive"==$3?1:0}'
+}
+
+function Main {
+ local line=
+ sleep $INTERVAL
+ GetPingInfo|while read line; do
+ Log "$line"
+ done
+}
+
+# start
+Init
+Main
+
diff --git a/scripts/mon_proc b/scripts/mon_proc
new file mode 100755
index 0000000..f4c52ba
--- /dev/null
+++ b/scripts/mon_proc
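Review bot: GetPingInfo runs `fping -A -f $PING_FILE` with an unquoted path derived from `$0` and never checks that the list exists. If ping.list is missing or the script directory contains a space, fping emits nothing on stdout, and Main logs nothing and exits 0. On the dashboard that is indistinguishable from the monitor not running, so a broken probe looks the same as a quiet network. Init could add `[ -r "$PING_FILE" ] || exit 1`, and the call should be `fping -A -f "$PING_FILE"`. `$PROC_FILE` in the mon_proc hunk is handled the same way.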
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+export LANG=en_US.UTF-8
+PROC_FILE="$(dirname $0)/proc.list"
+LOG_PATH="/var/log/monitor"
+LOG_NAME="proc"
+INTERVAL=60
+
+function Init {
+ local self_count=$(pgrep -cx "$(basename $0)")
+ [ 0 -eq $? ] || exit 1
+ [ 1 -eq $self_count ] || exit 1
+ mkdir -p $LOG_PATH || exit 1
+}
+
+function Log {
+ local msg="$1"
+ local log_time="$(date +'%F %T')"
+ local log_file="$LOG_PATH/$LOG_NAME-${log_time% *}.log"
+ echo "$log_time $msg" >> $log_file
+ cd $LOG_PATH && ls ${LOG_NAME}-* 2>/dev/null \
+ | head -n -7 | xargs rm -f
+}
+
+function GetProcInfo {
+ local line="$1"
+ local class="${line%% *}"
+ local proc="${line#* }"
+ local stat_code=1
+ local stat=
+ if [ 'service' = "$class" ]; then
+ stat="$(systemctl status $proc \
+ | grep -m 1 '^ Active:' \
+ | awk '{print $2}')"
+ [ 'active' = "$stat" ] && stat_code=0
+ [ -z "$stat" ] && stat="unknown"
+ else
+ pgrep -f "$proc" &> /dev/null && stat_code=0 \
+ && stat='running' || stat='stopped'
+ fi
+ echo "$class#$proc#$stat#$stat_code"
+}
+
+function Main {
+ local line=
+ sleep $INTERVAL
+ while read line; do
+ Log "$(GetProcInfo "$line")"
+ done < $PROC_FILE
+}
+
+# start
+Init
+Main
+
diff --git a/scripts/ping.list b/scripts/ping.list
new file mode 100644
index 0000000..fbd8bf5
--- /dev/null
+++ b/scripts/ping.list
@@ -0,0 +1,2 @@
+192.168.1.1
+192.168.1.2
diff --git a/scripts/proc.list b/scripts/proc.list
new file mode 100644
index 0000000..5a0ff1f
--- /dev/null
+++ b/scripts/proc.list
@@ -0,0 +1,2 @@
+service EmotionJudger
+daemon java .*-jar .*\\
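Review bot: The `daemon` branch of GetProcInfo reports `running` whenever `pgrep -f "$proc"` matches the command line of any process on the host, whoever owns it, so an unrelated process with matching arguments hides an outage of the real daemon. Restricting the match to the account the daemon runs as narrows this, e.g. `pgrep -u SERVICE_USER -f "$proc"`, where SERVICE_USER is a placeholder and proc.list would need a column to carry it. In the `service` branch, `systemctl status $proc` is unquoted and its human-readable output is grepped for the `Active:` line. `stat="$(systemctl is-active "$proc")"` returns the state word directly and does not depend on that layout.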