ELK: Elasticsearch 6.5

Posted jsonhc


Official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html

Here we install from the RPM package:

# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4.rpm

Elasticsearch depends on Java, so Java has to be set up before the installation:

# rpm -ivh jdk-8u191-linux-x64.rpm
# java -version

Once Java is installed, install Elasticsearch:

# rpm --install elasticsearch-6.5.4.rpm

The Elasticsearch configuration files:

[[email protected] ~]# cd /etc/elasticsearch/
[[email protected] elasticsearch]# ll
总用量 36
-rw-rw----. 1 root elasticsearch   207 12月 23 18:04 elasticsearch.keystore
-rw-rw----. 1 root elasticsearch  2869 12月 18 05:21 elasticsearch.yml
-rw-rw----. 1 root elasticsearch  3266 12月 18 05:21 jvm.options
-rw-rw----. 1 root elasticsearch 12423 12月 18 05:21 log4j2.properties
-rw-rw----. 1 root elasticsearch   473 12月 18 05:21 role_mapping.yml
-rw-rw----. 1 root elasticsearch   197 12月 18 05:21 roles.yml
-rw-rw----. 1 root elasticsearch     0 12月 18 05:21 users
-rw-rw----. 1 root elasticsearch     0 12月 18 05:21 users_roles

To change JVM parameters, edit the jvm.options configuration file; the default heap setting is 1g:

[[email protected] elasticsearch]# egrep "^-Xms|^-Xmx" jvm.options 
-Xms1g
-Xmx1g

Now give Elasticsearch a simple configuration, as follows:

[[email protected] elasticsearch]# egrep -v "^$|^#" elasticsearch.yml 
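cluster.name: es                          # name of the cluster
node.name: node1                          # name of the node
path.data: /var/lib/elasticsearch         # data directory
path.logs: /var/log/elasticsearch         # log directory
network.host: 0.0.0.0                     # IP address the service listens on (0.0.0.0 = all interfaces)
http.port: 9200                           # port the service listens on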

Then start the elasticsearch service:

# systemctl daemon-reload
# systemctl enable elasticsearch.service
# systemctl start elasticsearch.service
# systemctl status elasticsearch.service

Check the listening sockets:

[[email protected] elasticsearch]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      968/sshd            
tcp6       0      0 :::9200                 :::*                    LISTEN      2756/java           
tcp6       0      0 :::9300                 :::*                    LISTEN      2756/java           
tcp6       0      0 :::22                   :::*                    LISTEN      968/sshd
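
With network.host: 0.0.0.0 the node accepts HTTP (9200) and transport (9300) connections on every interface, as the netstat output above shows, and the configuration above sets no authentication. The following added example (not part of the original post) audits an elasticsearch.yml for that combination; the function names and finding labels are hypothetical, the sample file is constructed from the settings above, and an absent xpack.security.enabled is treated as disabled, which is the default for basic and trial licenses.

```shell
#!/usr/bin/env bash
# Added example: flag an elasticsearch.yml that exposes the REST API without auth.

# Print the value of a flat "key: value" setting (last occurrence wins).
es_setting() {  # usage: es_setting FILE KEY
  awk -v key="$2" '
    /^[ \t]*#/ { next }                          # whole-line comment
    { line = $0
      sub(/[ \t]+#.*$/, "", line)                # trailing comment
      i = index(line, ":"); if (i == 0) next
      k = substr(line, 1, i - 1); v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      if (k == key) val = v }
    END { print val }' "$1"
}

# Print one finding per line; return non-zero when anything was flagged.
audit_es_yml() {  # usage: audit_es_yml FILE
  local file=$1 bind sec rc=0
  bind=$(es_setting "$file" http.host)           # http.host overrides network.host
  [ -n "$bind" ] || bind=$(es_setting "$file" network.host)
  sec=$(es_setting "$file" xpack.security.enabled)
  case "$bind" in
    ""|_local_|localhost|127.*|::1) return 0 ;;  # unset means loopback only
    0.0.0.0|::) echo "WILDCARD_BIND http listens on every interface ($bind)"; rc=1 ;;
  esac
  if [ "$sec" != "true" ]; then
    echo "NO_AUTH non-loopback bind ($bind) without xpack.security.enabled: true"; rc=1
  fi
  return $rc
}

# Constructed sample: the settings shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: es
node.name: node1
network.host: 0.0.0.0    # listen address
http.port: 9200
EOF
audit_es_yml "$sample" || true
```

On a real node, call audit_es_yml /etc/elasticsearch/elasticsearch.yml; a non-zero return status means at least one finding was printed.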

The single-node Elasticsearch service is now configured. Next, run a few curl operations to get familiar with some Elasticsearch queries:

1. Using the cat API:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/nodes"
172.16.23.129 32 68 0 0.00 0.04 0.05 mdi * node1
[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v"
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.16.23.129           28          68   2    0.02    0.07     0.05 mdi       *      node1

Because the ES cluster has only one node, node1 is also the master node:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/master?v"
id                     host          ip            node
q95yZ4W4Tj6PaXyzLZZYDQ 172.16.23.129 172.16.23.129 node1

You can then retrieve results for specified fields only:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v&h=id,ip,port,v,m"
id   ip            port v     m
q95y 172.16.23.129 9300 6.5.4 *

Fields are specified as h=column, where h stands for header:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v&h=ram.percent"
ram.percent
         69

For the columns that can be selected with the header parameter, see the official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-nodes.html

Check health:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/health?v"
epoch      timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1545561036 10:30:36  es      green           1         1      0   0    0    0        0             0                  -                100.0%

Indices, an important part of Elasticsearch:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size

The result above contains no data, which means this ES cluster has not built any indices yet.

 

2. Using the indices API:

2.1 Create an index:

# curl -X PUT "localhost:9200/test1"        # the index is created entirely with default values (default shards, and so on)

View this index:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cat/indices?v"
health status index uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   test1 KqGrTZ7GQv6o5jEQPK-wwA   5   1          0            0      1.1kb          1.1kb

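The created index has the default number of shards, 5; you can see them by replacing indices with shards in the request.

View the default configuration of index test1 by getting the index test1: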

[[email protected] elasticsearch]# curl -X GET "localhost:9200/test1" 
{"test1":{"aliases":{},"mappings":{},"settings":{"index":{"creation_date":"1545561578119","number_of_shards":"5","number_of_replicas":"1","uuid":"KqGrTZ7GQv6o5jEQPK-wwA","version":{"created":"6050499"},"provided_name":"test1"}}}}[[email protected] elasticsearch]# 

Because the result above is hard to read, format it with Python's json tool:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/test1" |python -m json.tool 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   229  100   229    0     0   6870      0 --:--:-- --:--:-- --:--:--  7387
{
    "test1": {
        "aliases": {},
        "mappings": {},
        "settings": {
            "index": {
                "creation_date": "1545561578119",
                "number_of_replicas": "1",
                "number_of_shards": "5",
                "provided_name": "test1",
                "uuid": "KqGrTZ7GQv6o5jEQPK-wwA",
                "version": {
                    "created": "6050499"
                }
            }
        }
    }
}

The output above is still not very friendly because it includes the download progress; curl's -s option silences it:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/test1" -s|python -m json.tool 
{
    "test1": {
        "aliases": {},
        "mappings": {},
        "settings": {
            "index": {
                "creation_date": "1545561578119",
                "number_of_replicas": "1",
                "number_of_shards": "5",
                "provided_name": "test1",
                "uuid": "KqGrTZ7GQv6o5jEQPK-wwA",
                "version": {
                    "created": "6050499"
                }
            }
        }
    }
}

This shows that index test1 has 5 shards, 1 replica, and so on.

Get a specific part of the result for index test1:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/test1/_settings" -s|python -m json.tool
{
    "test1": {
        "settings": {
            "index": {
                "creation_date": "1545561578119",
                "number_of_replicas": "1",
                "number_of_shards": "5",
                "provided_name": "test1",
                "uuid": "KqGrTZ7GQv6o5jEQPK-wwA",
                "version": {
                    "created": "6050499"
                }
            }
        }
    }
}
[[email protected] elasticsearch]# curl -X GET "localhost:9200/test1/_mappings" -s|python -m json.tool
{
    "test1": {
        "mappings": {}
    }
}

2.2 Delete the index:

[[email protected] elasticsearch]# curl -X DELETE "localhost:9200/test1"
{"acknowledged":true}[[email protected] elasticsearch]#

 

3. Querying the _cluster API:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cluster/health" -s |python -m json.tool
{
    "active_primary_shards": 5,
    "active_shards": 5,
    "active_shards_percent_as_number": 50.0,
    "cluster_name": "es",
    "delayed_unassigned_shards": 0,
    "initializing_shards": 0,
    "number_of_data_nodes": 1,
    "number_of_in_flight_fetch": 0,
    "number_of_nodes": 1,
    "number_of_pending_tasks": 0,
    "relocating_shards": 0,
    "status": "yellow",
    "task_max_waiting_in_queue_millis": 0,
    "timed_out": false,
    "unassigned_shards": 5
}
[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cluster/health/test1" -s |python -m json.tool
{
    "active_primary_shards": 5,
    "active_shards": 5,
    "active_shards_percent_as_number": 50.0,
    "cluster_name": "es",
    "delayed_unassigned_shards": 0,
    "initializing_shards": 0,
    "number_of_data_nodes": 1,
    "number_of_in_flight_fetch": 0,
    "number_of_nodes": 1,
    "number_of_pending_tasks": 0,
    "relocating_shards": 0,
    "status": "yellow",
    "task_max_waiting_in_queue_millis": 0,
    "timed_out": false,
    "unassigned_shards": 5
}
[[email protected] elasticsearch]# curl -X GET "localhost:9200/_cluster/health/test1?level=shards" -s |python -m json.tool

If you would rather not use -s | python -m json.tool, there is another way to format the output:

[[email protected] elasticsearch]# curl -X GET "localhost:9200/test1?human&pretty"
{
  "test1" : {
    "aliases" : { },
    "mappings" : { },
    "settings" : {
      "index" : {
        "creation_date_string" : "2018-12-23T11:04:48.982Z",
        "number_of_shards" : "5",
        "provided_name" : "test1",
        "creation_date" : "1545563088982",
        "number_of_replicas" : "1",
        "uuid" : "ZAjj9y_sSPmGz8ZscIXUsA",
        "version" : {
          "created_string" : "6.5.4",
          "created" : "6050499"
        }
      }
    }
  }
}

Just append ?human&pretty to the request.
