make it easy

2025-09-20 11:25:54 +12:00
parent 4361958720
commit cb4bf8451f
4 changed files with 200 additions and 1 deletions
--- a/logserver/README.md
+++ b/logserver/README.md
@@ -27,10 +27,16 @@ dropshell install logserver
 # Save the API key for client configuration
 ```
-5. **Access Kibana**
+5. **Setup Kibana** (first time only)
 ```bash
 ./setup-kibana.sh
 ```
 6. **Access Kibana**
 - URL: `http://<server-ip>:5601`
 - Username: Set in `service.env` (KIBANA_USERNAME, default: `admin`)
 - Password: Set in `service.env` (KIBANA_USER_PASSWORD)
 - Click "Discover" → View your logs!
 ## Ports
 - `5601` - Kibana Web UI
--- a/logserver/SIMPLE_GUIDE.md
+++ b/logserver/SIMPLE_GUIDE.md
@@ -0,0 +1,84 @@
 # Simple Guide to Viewing Logs in Kibana
 ## First Time Setup
 Run this once after installing LogServer:
 ```bash
 ./setup-kibana.sh
 ```
 ## Viewing Logs - The Easy Way
 ### 1. Open Kibana
 Go to: `http://<your-server>:5601`
 ### 2. Login
 Use the username and password from your service.env
 ### 3. Click "Discover"
 It's in the left menu (looks like a compass icon)
 ### 4. You're Done!
 Your logs are now visible. That's it!
 ## Simple Controls
 ### See Recent Logs Only
 - Top-right corner: Click the time picker
 - Choose "Last 15 minutes" or "Last 1 hour"
 ### Filter by Container
 - Find any log entry
 - Next to `container_name`: click the `+` button
 - Now you only see logs from that container
 ### Filter by Server
 - Next to `host.name`: click the `+` button
 - Now you only see logs from that host
 ### Search for Text
 - Top search bar: Type any word
 - Press Enter
 - Shows only logs containing that word
 ### Live Updates
 - Top-right: Click "Refresh"
 - Choose "Every 5 seconds"
 - Logs update automatically
 ### Remove Filters
 - Look for filter pills under the search bar
 - Click the `x` on any filter to remove it
 ## Common Searches
 **Show errors only:**
 ```
 error OR ERROR OR Error
 ```
 **Show warnings and errors:**
 ```
 error OR ERROR OR warn OR WARN
 ```
 **Show specific container:**
 ```
 container_name: "myapp"
 ```
 **Show multiple containers:**
 ```
 container_name: ("app1" OR "app2")
 ```
 ## Tips
 1. **Too many columns?** Click "container_name" and "message" in the left sidebar to show just those
 2. **Want raw logs?** Click the ">" arrow next to any log entry to expand it
 3. **Export logs?** Click "Share" → "CSV Reports" → "Generate CSV"
 4. **Time zone wrong?** Click your profile icon → "Advanced Settings" → search "timezone"
 That's all you need to know! Kibana has many advanced features, but for basic log viewing and searching, these commands are sufficient.
--- a/logserver/config/logstash.yml
+++ b/logserver/config/logstash.yml
@@ -8,6 +8,7 @@ node.name: "logstash"
 pipeline.workers: 2
 pipeline.batch.size: 125
 pipeline.batch.delay: 50
 pipeline.ecs_compatibility: disabled
 # HTTP API settings
 http.host: "0.0.0.0"
--- a/logserver/setup-kibana.sh
+++ b/logserver/setup-kibana.sh
@@ -0,0 +1,108 @@
 #!/bin/bash
 # Setup Kibana for simple log viewing
 # This creates index patterns and saved searches for easy log access
 source "${AGENT_PATH}/common.sh"
 _check_required_env_vars "CONTAINER_NAME" "ELASTIC_PASSWORD" "KIBANA_PORT"
 KIBANA_URL="http://localhost:${KIBANA_PORT}"
 AUTH="elastic:${ELASTIC_PASSWORD}"
 echo "Setting up Kibana for simple log viewing..."
 echo ""
 # Wait for Kibana to be ready
 echo -n "Waiting for Kibana to be ready..."
 MAX_WAIT=60
 WAITED=0
 while [ $WAITED -lt $MAX_WAIT ]; do
    if docker exec ${CONTAINER_NAME}_kibana curl -s -u "$AUTH" "${KIBANA_URL}/api/status" 2>/dev/null | grep -q '"level":"available"'; then
        echo " Ready!"
        break
    fi
    echo -n "."
    sleep 2
    WAITED=$((WAITED + 2))
 done
 if [ $WAITED -ge $MAX_WAIT ]; then
    echo ""
    echo "ERROR: Kibana is not ready after ${MAX_WAIT} seconds"
    exit 1
 fi
 # Create index pattern for Filebeat
 echo "Creating Filebeat index pattern..."
 docker exec ${CONTAINER_NAME}_kibana curl -s -X POST \
    -u "$AUTH" \
    -H "Content-Type: application/json" \
    -H "kbn-xsrf: true" \
    "${KIBANA_URL}/api/saved_objects/index-pattern/filebeat-*" \
    -d '{
      "attributes": {
        "title": "filebeat-*",
        "timeFieldName": "@timestamp",
        "fields": "[]"
      }
    }' > /dev/null 2>&1
 # Set as default index pattern
 docker exec ${CONTAINER_NAME}_kibana curl -s -X POST \
    -u "$AUTH" \
    -H "Content-Type: application/json" \
    -H "kbn-xsrf: true" \
    "${KIBANA_URL}/api/kibana/settings" \
    -d '{
      "changes": {
        "defaultIndex": "filebeat-*"
      }
    }' > /dev/null 2>&1
 # Create a simple saved search for Docker logs
 echo "Creating saved searches..."
 docker exec ${CONTAINER_NAME}_kibana curl -s -X POST \
    -u "$AUTH" \
    -H "Content-Type: application/json" \
    -H "kbn-xsrf: true" \
    "${KIBANA_URL}/api/saved_objects/search" \
    -d '{
      "attributes": {
        "title": "Docker Container Logs",
        "description": "View all Docker container logs",
        "columns": ["container_name", "message"],
        "sort": ["@timestamp", "desc"],
        "kibanaSavedObjectMeta": {
          "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"match_all\":{}},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"exists\",\"key\":\"container_name\",\"value\":\"exists\"},\"exists\":{\"field\":\"container_name\"}}]}"
        }
      }
    }' > /dev/null 2>&1
 echo ""
 echo "========================================="
 echo "Kibana Setup Complete!"
 echo "========================================="
 echo ""
 echo "QUICK START GUIDE:"
 echo ""
 echo "1. Open Kibana: ${SERVER_PUBLICBASEURL:-http://$(hostname -I | awk '{print $1}'):${KIBANA_PORT}}"
 echo ""
 echo "2. Login with:"
 echo "   Username: ${KIBANA_USERNAME:-elastic}"
 echo "   Password: [your password]"
 echo ""
 echo "3. TO VIEW LOGS SIMPLY:"
 echo "   a) Click 'Discover' in the left menu"
 echo "   b) Time range is in top-right (set to 'Last 15 minutes' or 'Today')"
 echo "   c) Your logs will appear below"
 echo ""
 echo "4. TO FILTER LOGS:"
 echo "   - By container: Click '+' next to any 'container_name' value"
 echo "   - By host: Click '+' next to any 'host.name' value"
 echo "   - Search box: Type keywords to search all logs"
 echo ""
 echo "5. TO VIEW LIVE LOGS:"
 echo "   - Click the 'Refresh' button in top-right"
 echo "   - Set it to refresh every 5 seconds"
 echo ""
 echo "========================================="