There is alreadys kibana-auth repos wrote in NodeJs or RubyOnRails. However I don't familar with both those but can only write a little Perl5 code. So, I use Mojolicious web framework to do this.
I place all my auth code at kbnauth
sub directory, if you don't want any auth, just use the original src
directory.(In facts, I use symlinks for my kbnauth/public/*
)
- full proxy
You can control every requests sending to elasticsearch. I use config.js.ep
for elasticsearch
setting, and return a fake /_nodes
response body which only has one node point to the webserver.
Note: Mojolicious set default max_message_size
to 10MB, I change this setting to 0 which means indefinite size in script/kbnauth
. You can change this to any threshold value you want.
- using a elasticsearch
kibana-auth
index for authorization
Since all the requests would send to the proxy server, every user would has his own namespace for dashboards(kibana-int-$username
, yes, it's a common implement that kibana-proxy used. You can run ./script/kbnauth migratint username hisdashname...
for quick migration) and can only access his own indices or even cluster.
You can add kibana-auth
for user "sri" as follow:
$ curl -XPOST http://127.0.0.1:9200/kibana-auth/indices/sri -d '{
"prefix":["logstash-sri","logstash-ops"],
"server":"192.168.0.2:9200"
}'
Then "sri" can access the "logstash-sri-YYYY.mm.dd" and "logstash-ops-YYYY.mm.dd" indices stored on "192.168.0.2:9200".
- using Authen::Simple framework for authentication
Authen::Simple is a great framework that support so many authentication methods. For example: LDAP, DBI, SSH, Kerberos, PAM, SMB, NIS, PAM, ActiveDirectory etc.
I use Passwd as default(using htpasswd
commandline). But you can add/change more methods to kbn_auth.conf
as follow:
authen => {
LDAP => {
host => 'ad.company.com',
binddn => '[email protected]',
bindpw => 'secret',
basedn => 'cn=users,dc=company,dc=com',
filter => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))'
},
}
The code depands on Mojolicious and Authen::Simple.
curl http://xrl.us/cpanm -o /usr/local/bin/cpanm
chmod +x /usr/local/bin/cpanm
cpanm Mojolicious Authen::Simple::Passwd
If you want use other authen methods, for example, LDAP, just run cpanm Authen::Simple::LDAP
.
Tips: if you run the code at a clean RHEL system, you may find Digest::SHA
need to install too. RedHat split Perl core modules to a special perl-core
RPM. Run yum install -y perl-core
to solve it. I HATE REDHAT!
cd kbnauth
morbo script/kbnauth # listen :3000 for development
hypnotoad script/kbnauth # listen :80 for production, ports defined at kbn_auth.conf
Now you can login with init user/pass: "sri/secr3t". (this is the name of mojolicious creator)
Percentile is a great data analysis method. Elasticsearch add percentile aggregation support after version 1.1.0. But Kibana v3 use an outdate elastic.js which don't support aggergation! So I write this panel using native angularjs $.http
api.
Elasticsearch had add percentile rank in version 1.3.0, so exciting!
Tips: merged new version of elasticjs at 2014/08/15, should rewrite this panel now.(DONE at 2014/08/16)
I need a pie chart to show percentile of range sections(percentile rank wait for only one value). So I use RangeFacet to implement this.
Here is the rendering:
And you can add more range sections as you like:
Now you can select different leaflet map providers from bettermap
panel settings.
For chinese user, there is GaoDe(高德地图)!
Fetch _type
and fields
from /_mapping
API. and help you to generate some querystrings by click multi-select.
Use HTML5 Notification API to alert the outier value of queries.
Use map.cn.js from http://jvectormap.com/maps/countries/china/, delete CN-
because filter/geoip
don't have such prefix.
Add Taiwan to this map.
Many thanks to this author(@loveshell)!
Provide a way to choose the stat to display into the map, not only the total number of hits but also min/max/total etc.
Many thanks to this author(@eMerzh)!
This panel is so useful if you want to check the trend of your statistic history.
Many thanks to this author(@opsSysDev)!
Enable histogram panel to plot multiple fields.
Many thanks to this author(@tvvmb)!
Enhances the histogram panel to support value-based histograms in addition to time-series histograms.
Many thanks to this author(@jdve)!
Adds refresh icon to kibana panel directive which broadcasts a refresh event down its scope chain.
Many thanks to this author(@thegreenpizza)!
- Angular is now at 1.2.20
- Elasticsearch JS now included
- Updated to the latest elasticjs
Math.log() for valuehistogram panel(had try_.map(series, function(v){return Math.log(v)})
, not so useful)- percentile histogram panel http://www.flotcharts.org/flot/examples/percentiles/index.html??
- heatmap panel http://www.patrick-wied.at/static/heatmapjs/plugin-leaflet-layer.html
threshold for histogram http://www.flotcharts.org/flot/examples/threshold/index.html(had try, not so useful, but I keep this commit in the repo)webkit.notification for histogram