Elasticsearch Handbook

EXPERT

Kibana & Observability

Kibana is the visualization layer of Elasticsearch. It provides Discover, Lens, Dashboard, Alerting and Observability (APM, Logs, Metrics).


Level: Expert. This section requires production experience.

Kibana 9.4 component overview (diagram):
- Discover: ES|QL + log search
- Lens: drag-and-drop visualizations
- Dashboard: multi-panel views
- Alerting: rules + actions
- APM: distributed tracing
- Maps: geo visualization
- Canvas: reports
- Observability: Logs + Metrics + Uptime + SLOs, a unified view of system health
- Security (SIEM): detection rules + Timeline, threat hunting + Cases
- Fleet / Elastic Agent: centralized agent management, policy-based configuration
- Dev Tools: Console (REST client), Search Profiler + Grok debugger

Decision Guide

| Situation | Recommendation | Example or rationale |
|---|---|---|
| Discover + ES|QL | Not suitable: structured dashboards | Ad hoc log search belongs here; a permanent overview belongs in Dashboard |
| Lens | Suitable: quick visualization, exploration | Trend analysis |
| Dashboard | Suitable: operational monitoring overview | NOC wall screen |
| Alerting (rules) | Suitable: threshold/anomaly triggering | Error spike alert |
| APM | Suitable: distributed tracing, latency debugging | Microservice latency |
| Canvas | Suitable: executive/stakeholder reports | Monthly business report |

Core Kibana Components

| Component | Usage | User |
|---|---|---|
| Discover | Log search, ES|QL | SRE |
| Lens | Drag-and-drop visualization | Analyst, PM |
| Dashboard | Multi-panel overview | Operations, Management |
| Alerting | Threshold/anomaly alerts | SRE, On-call |
| APM | Distributed tracing | Developer |
| Maps | Geospatial visualization | Analyst |
| Canvas | Pixel-perfect reporting | Business |

# Kibana alerting rule (via API): logs threshold, fires when "level: ERROR"
# occurs more than 100 times in a 5-minute window.
# When security is enabled, authenticate as well, e.g. -u user:pass or
# -H "Authorization: ApiKey <key>". The kbn-xsrf header is mandatory for writes.
curl -X POST "http://localhost:5601/api/alerting/rule" \
  -H "kbn-xsrf: true" -H "Content-Type: application/json" -d'
{
  "name": "High Error Rate",
  "rule_type_id": "logs.alert.document.count",
  "consumer": "logs",
  "schedule": { "interval": "5m" },
  "params": {
    "logView": { "type": "log-view-reference", "logViewId": "default" },
    "count": { "comparator": "more than", "value": 100 },
    "criteria": [{
      "field": "level",
      "comparator": "equals",
      "value": "ERROR"
    }],
    "timeSize": 5,
    "timeUnit": "m"
  },
  "actions": [{
    "group": "logs.threshold.fired",
    "id": "slack-connector-id",
    "params": {
      "message": "High error rate detected: {{context.matchingDocuments}} errors in 5 min"
    }
  }]
}'

// Elastic APM .NET Agent integration
// NuGet: Elastic.Apm.NetCoreAll (bundles the ASP.NET Core, HttpClient and
// Elasticsearch client instrumentation, so ES calls get spans automatically)

// Program.cs
using Elastic.Apm.NetCoreAll;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAllElasticApm(builder.Configuration); // reads the "ElasticApm" section

// appsettings.json
// {
//   "ElasticApm": {
//     "ServerUrl": "http://apm-server:8200",   // prefer https in production: bodies and labels travel here
//     "SecretToken": "<inject from a secret store, never commit>",  // or "ApiKey"; assumed placeholder
//     "ServiceName": "product-api",
//     "Environment": "production",
//     "TransactionSampleRate": 0.5,
//     "CaptureBody": "errors"
//   }
// }

// Custom span for ES operations (adds your own labels on top of the automatic span)
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Elastic.Apm.Api;
using Elastic.Clients.Elasticsearch;

public record Product(string Name);

public class TracedSearchService
{
    private readonly ElasticsearchClient _client;
    private readonly ITracer _tracer;

    // ITracer is registered in DI by AddAllElasticApm; Agent.Tracer is the static alternative.
    public TracedSearchService(ElasticsearchClient client, ITracer tracer)
    {
        _client = client;
        _tracer = tracer;
    }

    public async Task<List<Product>> SearchWithTracingAsync(string query)
    {
        // CurrentTransaction is null outside an active transaction (e.g. a background job),
        // hence the null-conditional calls below.
        var span = _tracer.CurrentTransaction?.StartSpan(
            "ES Search", ApiConstants.TypeDb, "elasticsearch");
        try
        {
            // Labels are indexed and searchable in APM: do not put PII or secrets here.
            span?.SetLabel("query", query);
            var response = await _client.SearchAsync<Product>(s => s
                .Index("products")
                .Query(q => q.Match(m => m.Field(f => f.Name).Query(query))));
            span?.SetLabel("hits", response.Total);
            return response.Documents.ToList();
        }
        catch (Exception ex)
        {
            span?.CaptureException(ex);
            throw;
        }
        finally
        {
            span?.End();
        }
    }
}

Example: the SRE team sees an error rate spike on the Kibana dashboard, runs root cause analysis in Discover with ES|QL, follows the distributed trace in APM, identifies the affected service and ships the fix. The alerting rule triggers Slack + PagerDuty when there are 100+ errors in 5 minutes.
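The alerting rule above and the Slack + PagerDuty workflow in this example, as an added Python example (not code from the handbook or from Elastic): it builds the same logs-threshold rule with both connectors, re-implements the rule's evaluation locally over constructed log documents so you can see what the trailing 5-minute window and the "more than 100" count actually select, and renders the `{{context.matchingDocuments}}` action message. The connector ids, Kibana URL and API key are placeholders, the sample documents are constructed, and the local evaluator only supports the `equals` / `does not equal` field comparators.

```python
"""Added example: simulate and create the Kibana logs-threshold rule.

Not code from the handbook or from Elastic. Connector ids, the Kibana URL
and the API key below are placeholders (assumptions).
"""
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

# How the logs-threshold rule compares the document count with its threshold.
COUNT_COMPARATORS = {
    "more than": lambda n, v: n > v,
    "more than or equals": lambda n, v: n >= v,
    "less than": lambda n, v: n < v,
    "less than or equals": lambda n, v: n <= v,
}
# Subset of the per-field criteria comparators (simplification of the Kibana rule).
FIELD_COMPARATORS = {
    "equals": lambda actual, expected: actual == expected,
    "does not equal": lambda actual, expected: actual != expected,
}
TIME_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}


def build_rule(slack_connector_id, pagerduty_connector_id, threshold=100, window_minutes=5):
    """Rule body for POST /api/alerting/rule: level:ERROR more than `threshold`
    times in `window_minutes`, notifying Slack and PagerDuty (the SRE workflow)."""
    message = ("High error rate detected: {{context.matchingDocuments}} errors in "
               f"{window_minutes} min")
    return {
        "name": "High Error Rate",
        "rule_type_id": "logs.alert.document.count",
        "consumer": "logs",
        "schedule": {"interval": f"{window_minutes}m"},
        "params": {
            "logView": {"type": "log-view-reference", "logViewId": "default"},
            "count": {"comparator": "more than", "value": threshold},
            "criteria": [{"field": "level", "comparator": "equals", "value": "ERROR"}],
            "timeSize": window_minutes,
            "timeUnit": "m",
        },
        "actions": [
            {"group": "logs.threshold.fired", "id": slack_connector_id,
             "params": {"message": message}},
            {"group": "logs.threshold.fired", "id": pagerduty_connector_id,
             "params": {"eventAction": "trigger", "severity": "critical",
                        "dedupKey": "high-error-rate", "summary": message}},
        ],
    }


def evaluate_logs_threshold(params, docs, now):
    """Local re-implementation of one rule run: count the documents inside the
    trailing window that satisfy every criterion, then apply the count comparator.
    Returns (fired, matching_count)."""
    window = timedelta(**{TIME_UNITS[params["timeUnit"]]: params["timeSize"]})
    in_window = [d for d in docs if now - window <= d["@timestamp"] <= now]
    matching = [
        d for d in in_window
        if all(FIELD_COMPARATORS[c["comparator"]](d.get(c["field"]), c["value"])
               for c in params["criteria"])
    ]
    count = params["count"]
    fired = COUNT_COMPARATORS[count["comparator"]](len(matching), count["value"])
    return fired, len(matching)


def render_message(template, context):
    """Substitute {{context.<name>}} the way the action message is rendered."""
    return re.sub(r"\{\{context\.(\w+)\}\}",
                  lambda m: str(context.get(m.group(1), "")), template)


def create_rule(kibana_url, api_key, rule):
    """Create the rule over the network (not exercised offline). API-key auth is
    assumed; the kbn-xsrf header is mandatory for Kibana write requests."""
    req = urllib.request.Request(
        f"{kibana_url}/api/alerting/rule", data=json.dumps(rule).encode(), method="POST",
        headers={"kbn-xsrf": "true", "Content-Type": "application/json",
                 "Authorization": f"ApiKey {api_key}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample documents (not real logs): 120 ERRORs in the last 4 minutes,
# 50 INFOs, and 30 older ERRORs that fall outside a 5-minute window.
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOGS = (
    [{"@timestamp": NOW - timedelta(seconds=2 * i), "level": "ERROR",
      "service.name": "product-api"} for i in range(120)]
    + [{"@timestamp": NOW - timedelta(seconds=i), "level": "INFO",
        "service.name": "product-api"} for i in range(50)]
    + [{"@timestamp": NOW - timedelta(minutes=20), "level": "ERROR",
        "service.name": "checkout"} for _ in range(30)]
)

if __name__ == "__main__":
    rule = build_rule("slack-connector-id", "pagerduty-connector-id")
    fired, n = evaluate_logs_threshold(rule["params"], SAMPLE_LOGS, NOW)
    print(fired, n)  # True 120
    print(render_message(rule["actions"][0]["params"]["message"], {"matchingDocuments": n}))
    # create_rule("http://localhost:5601", "<api-key>", rule)  # against a live Kibana
```

The local evaluator is what the rule's `timeSize`/`timeUnit` and `count` fields reduce to: the 30 older errors are ignored because they are outside the trailing window, and the 50 INFO lines are ignored by the `level equals ERROR` criterion, so only 120 documents count and the rule fires. Raising `threshold` to 150 with the same data keeps the rule silent, which is the check to run before tuning a noisy alert in production.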