FILEBEAT+ELK鏃ュ織鏀堕泦骞冲彴鎼缓娴佺▼
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了FILEBEAT+ELK鏃ュ織鏀堕泦骞冲彴鎼缓娴佺▼相关的知识,希望对你有一定的参考价值。
鏍囩锛?a href='http://www.mamicode.com/so/1/factor' title='factor'>factor span affinity sea mfa ica pat x64
filebeat+elk鏃ュ織鏀堕泦骞冲彴鎼缓娴佺▼
1銆?nbsp; 鏁翠綋绠€浠嬶細
妯″紡锛氬崟鏈?/p>
骞冲彴锛歀inux - centos - 7
ELK锛歟lasticsearch銆乴ogstash銆乲ibana涓夋寮€婧愯蒋浠剁殑闆嗗悎銆?/p>
FILEBEAT锛氫唬鏇縧ogstash鐨勯噰闆嗗姛鑳斤紝杞婚噺銆佽€楃敤灏忋€?/p>
鐩墠鏀堕泦鐨勬湁nginx鏃ュ織銆乯ava鏃ュ織[鍗曡|澶氳]銆?/p>
閮芥槸閫氳繃鍦ㄥ鎴风鐨勭敓鎴愭棩蹇楅厤缃枃浠朵腑瀹氫箟濂藉垵姝son鏍煎紡锛岀劧鍚庡埄鐢╢ilebeat閲囬泦鍒發ogstash锛屽瓨鍌ㄥ埌elasticsearch锛屾渶鍚庨€氳繃kibana鍦ㄦ祻瑙堝櫒椤甸潰涓睍绀哄嚭鏉ャ€?/p>
elasticsearch銆乴ogstash銆乲ibana 濡傛灉鏄痳oot瀹夎锛岄粯璁や細鍒涘缓锛坋lasticsearch銆乴ogstash銆乲ibana锛変笁涓崟鐙敤鎴锋潵鐙珛杩愯銆傜敤www鐢ㄦ埛瀹夎濂藉悗榛樿鏄互www鐢ㄦ埛杩愯銆傛湰鏂囨紨绀虹敤鐨勬槸www銆?/p>
2銆?nbsp; 杞欢鐜瀹夎锛?/strong>
锛?锛夈€乯ava鐜锛?/p>
Elasticsearch闇€瑕佸畨瑁匤ava 8鐨勭幆澧冦€?/p>
濡傛灉娌℃湁涓嬭浇jdk1.8鐨勮蒋浠跺寘锛屽彲浠ョ洿鎺ュ畨瑁?span style="color: #008000;"> java-1.8.0-openjdk銆?/p>
锛?锛夈€佷笅杞絜lasticsearch锛圠inux鐗堟湰锛夌殑浜岃繘鍒跺寘骞惰В鍘嬶細
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.0.tar.gz
$ unzip elasticsearch-6.4.0.tar.gz
$ mv elasticsearch-6.4.0 elasticsearch
$ vim elasticsearch/config/elasticsearch.yml
|
path.data: /data/soft/elasticsearch/data/ path.logs: /data/soft/elasticsearch/logs/ |
$ sudo sysctl -w vm.max_map_count=262144
$ vim /etc/sysctl.conf鏂囦欢锛屾坊鍔狅細
|
vm.max_map_count=262144 |
$ sysctl -p
$ vim /etc/security/limits.conf鏂囦欢锛屾湯灏炬坊鍔?
|
* soft nproc 20536 * hard nproc 20536 * soft nofile 65536 * hard nofile 65536 |
閫€鍑洪噸鏂扮櫥褰曠敓鏁堛€?/p>
灏唀lasticsearch銆乴ogstash銆乲ibana銆乫ilebeat鐨刡in鐩綍鍔犲叆鍒扮幆澧冨彉閲廝ATH锛?/p>
/data/soft/logstash/bin:/data/soft/kibana/bin:/data
/soft/elasticsearch/bin:/data/soft/filebeat
$ nohup elasticsearch -d >/data/soft/elasticsearch/nohup.out
2>&1 &
鍚姩鍚庯紝Elastic榛樿鍦?200绔彛杩愯銆?/p>
$ curl -X GET localhost:9200鎴朿url localhost:9200
|
"name" : "zny0iRv", "cluster_name" : "elasticsearch", "cluster_uuid" : "AErImFrFQOaoFPzNSdVmfA", "version" : "number" : "6.4.0", "build_flavor" : "default", "build_type" : "tar", "build_hash" : "595516e", "build_date" : "2018-08-17T23:18:47.308994Z", "build_snapshot" : false, "lucene_version" : "7.4.0", "minimum_wire_compatibility_version" : "5.6.0", "minimum_index_compatibility_version" : "5.0.0" , "tagline" : "You Know, for Search" |
锛?锛夈€佷笅杞絣ogstash锛圠inux鐗堟湰锛夌殑浜岃繘鍒跺寘骞惰В鍘嬶細
$ wget https://artifacts.elastic.co/downloads/logstash/logstash-6.4.0.zip
$ unzip logstash-6.4.0.zip logstash-6.4.0
$ mv logstash-6.4.0 logstash
$ cd logstash/config/
$ cat config/logstash.yml|grep -vE 鈥榐$|#鈥?/p>
|
# pipeline 绾跨▼鏁帮紝鍙紭鍖栦负 ---> pipeline.workers: CPU鍐呮牳鏁帮紙鎴栧嚑鍊峜pu鍐呮牳鏁帮級 pipeline.workers: 32 # 瀹為檯output 鏃剁殑绾跨▼鏁帮紝鍙紭鍖栦负 ---> pipeline.output.workers: 涓嶈秴杩噋ipeline 绾跨▼鏁?/p> pipeline.output.workers: 32 # 姣忔鍙戦€佺殑浜嬩欢鏁?/p> pipeline.batch.size: 8000 # 鍙戦€佸欢鏃?/p> pipeline.batch.delay: 15 # filter璁剧疆multiline鍚庯紝pipline worker浼氳嚜鍔ㄥ皢涓?锛屽鏋滀娇鐢╢ilebeat锛屽缓璁湪beat涓氨浣跨敤multiline锛屽鏋滀娇鐢╨ogstash浣滀负shipper锛屽缓璁湪input 涓缃甿ultiline锛屼笉瑕佸湪filter涓缃甿ultiline銆?/p> |
$ vim logstash.conf
|
input |
|
beats |
|
codec => json |
|
port => 5044 #host => “0.0.0.0” |
|
|
|
filter |
|
mutate |
|
remove_field => ["@version","[beat][name]","[beat][version]","[beat][hostname]","tags"] |
|
#remove_field => "message" |
|
|
|
if [nx_upstream_host] != "-" |
|
mutate |
|
convert => "nx_upstream_response_time"=>"float" |
|
convert => "nx_upstream_response_length"=>"integer" |
|
convert => "nx_upstream_connect_time"=>"float" |
|
|
|
else |
|
mutate |
|
remove_field => ["nx_upstream_host","nx_upstream_response_time","nx_upstream_response_length","nx_upstream_status","nx_upstream_connect_time"] |
|
|
|
|
|
output |
|
# 8bet-test-srv-4:nginx |
|
if [project] == "8bet-admin" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "8bet-nginx-admin-%+YYYY.MM.dd" |
|
|
|
else if [project] == "8bet-h5" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "8bet-nginx-h5-%+YYYY.MM.dd" |
|
|
|
else if [project] == "8bet-newadmin" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "8bet-nginx-newadmin-%+YYYY.MM.dd" |
|
|
|
else if [project] == "8bet-newh5" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "8bet-nginx-newh5-%+YYYY.MM.dd" |
|
|
|
else if [project] == "8bet-nginx-error" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "8bet-nginx-error-%+YYYY.MM.dd" |
|
|
|
# 8bet-test-srv-5:nginx |
|
else if [project] == "pay-nginx-admin" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "pay-nginx-admin-%+YYYY.MM.dd" |
|
|
|
else if [project] == "pay-nginx-user" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "pay-nginx-user-%+YYYY.MM.dd" |
|
|
|
else if [project] == "pay-nginx-api" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "pay-nginx-api-%+YYYY.MM.dd" |
|
|
|
else if [project] == "pay-nginx-error" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
index => "pay-nginx-error-%+YYYY.MM.dd" |
|
|
|
# 8bet-test-srv-4:java |
|
else if [source] == "/log/billing/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-billing-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/billing/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-billing-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/member/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-member-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/member/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-member-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/admin/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-admin-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/admin/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-admin-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/pay/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-pay-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/pay/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-pay-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/discount/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-discount-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/discount/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-discount-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/schedule/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-schedule-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/schedule/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-schedule-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/security/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-security-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/security/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-security-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/caipiao/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-caipiao-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/caipiao/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-caipiao-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/cpbilling/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-cpbilling-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/cpbilling/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-cpbilling-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/cpmessage/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-cpmessage-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/cpmessage/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-cpmessage-error-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/cpschedule/info.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-cpschedule-info-%+YYYY.MM.dd" |
|
|
|
else if [source] == "/log/cpschedule/error.log" |
|
elasticsearch |
|
hosts => ["http://localhost:9200"] |
|
#manage_template => true |
|
#template_overwrite => true |
|
index => "8bet-java-cpschedule-error-%+YYYY.MM.dd" |
|
|
|
|
|
stdout |
|
codec => rubydebug |
|
|
|
#output |
|
# stdout codec => rubydebug |
|
# elasticsearch |
|
# hosts => ["http://localhost:9200"] |
|
# index => "%[@metadata][beat]-%[@metadata][version]-%+YYYY.MM" |
|
# |
|
# |
妫€鏌ogstash閰嶇疆鏂囦欢鐨勮娉曞懡浠わ細
$ logstash --path.settings /data/soft/logstash/config/ -f /data/soft/logstash/config/logstash.conf -t
$ nohup logstash -f /data/soft/logstash/config/logstash.conf >/data/soft/logstash/out.log 2>&1 &
锛?锛夈€佷笅杞絢ibana锛圠inux鐗堟湰锛夌殑浜岃繘鍒跺寘骞惰В鍘嬶細
$ wget https://artifacts.elastic.co/downloads/kibana/kibana-6.4.0-linux-x86_64.tar.gz
$ tar -zxf kibana-6.4.0-linux-x86_64.tar.gz
$ mv kibana-6.4.0-linux-x86_64 kibana
$ vim kibana/config/kibana.yml
|
elasticsearch.url: "http://localhost:9200" elasticsearch.shardTimeout: 0 pid.file: /data/soft/kibana/kibana.pid |
$ nohup /data/soft/kibana/bin/kibana >/data/soft/kibana/out.log 2>&1 &
3銆?nbsp; FILEBEAT锛堟敹闆嗙锛夊崟鐙厤缃細
浠ヤ竴鍙癴ilebeat閲囬泦绔仛绀轰緥锛?/p>
锛?锛夈€乶ginx鏃ュ織鏍煎紡閰嶇疆锛?/p>
$ vim /data/soft/nginx/conf/nginx.conf
|
user www; |
|
worker_processes 4; |
|
worker_rlimit_nofile 20000; |
|
worker_cpu_affinity 00000001 00000010 00000100 00001000; |
|
error_log /log/nginx/error.log error; |
|
pid /log/nginx/nginx.pid; |
|
events |
|
use epoll; |
|
worker_connections 20000; |
|
http |
|
include mime.types; |
|
default_type application/octet-stream; |
|
sendfile on; |
|
tcp_nodelay on; |
|
tcp_nopush on; |
|
client_body_timeout 10; |
|
client_header_timeout 10; |
|
send_timeout 10; |
|
keepalive_timeout 50; |
|
client_body_buffer_size 4k; |
|
client_header_buffer_size 1k; |
|
client_max_body_size 10m; |
|
large_client_header_buffers 2 1k; |
|
open_file_cache max=65535 inactive=20s; |
|
open_file_cache_valid 30s; |
|
open_file_cache_min_uses 1; |
|
gzip on; |
|
gzip_min_length 1k; |
|
gzip_buffers 8 16k; |
|
gzip_comp_level 3; |
|
gzip_http_version 1.1; |
|
gzip_disable "MSIE [1-6]."; |
|
gzip_types text/plain application/x-javascript text/css application/xml application/x-httpd-php image/jpeg image/gif image/png; |
|
gzip_vary on; # nginx闇€瑕侀厤缃殑鏃ュ織杈撳嚭鏍煎紡涓?/strong>json鏍煎紡锛氫唬鏇?/strong>logstash鐨?/strong>grok杩囨护銆?/strong> |
|
log_format main 鈥榹"nx_localtime@timestamp":"$time_local",鈥?/span> |
|
鈥?nx_host":"$server_addr",鈥?/span> |
|
鈥?nx_client_ip":"$remote_addr",鈥?/span> |
|
鈥?nx_body_size":$body_bytes_sent,鈥?/span> |
|
鈥?nx_request_time":$request_time,鈥?/span> |
|
鈥?nx_scheme":"$scheme",鈥?/span> |
|
鈥?nx_http_host":"$host",鈥?/span> |
|
鈥?nx_request_method":"$request_method",鈥?/span> |
|
鈥?nx_uri":"$uri",鈥?/span> |
|
鈥?nx_status":"$status",鈥?/span> |
|
鈥?nx_referer":"$http_referer",鈥?/span> |
|
鈥?nx_agent":"$http_user_agent",鈥?/span> |
|
鈥?nx_upstream_host":"$upstream_addr",鈥?/span> |
|
鈥?nx_upstream_response_time":"$upstream_response_time",鈥?/span> |
|
鈥?nx_upstream_response_length":"$upstream_response_length",鈥?/span> |
|
鈥?nx_upstream_status":"$upstream_status",鈥?/span> |
|
鈥?nx_upstream_connect_time":"$upstream_connect_time"鈥? |
|
include vhost/*.conf; |
璁块棶nginx锛屾煡鐪嬫鏃秐ginx-log涓殑杈撳嚭锛?/p>
|
"nx_localtime@timestamp":"27/Sep/2018:21:37:17 +0800","nx_host":"156.237.192.218","nx_client_ip":"113.61.62.154","nx_body_size":665,"nx_request_time":0.000,"nx_scheme":"http","nx_http_host":"log.2481888.com","nx_request_method":"GET","nx_uri":"/nginx/","nx_status":"200","nx_referer":"http://log.2481888.com/","nx_agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/69.0.3497.100 Safari/537.36","nx_upstream_host":"","nx_upstream_response_time":"","nx_upstream_response_length":"","nx_upstream_status":"","nx_upstream_connect_time":"" |
锛?锛夈€乯ava鏃ュ織鏍煎紡閰嶇疆锛?/p>
鍒╃敤spring cloud config閰嶇疆涓績鐨勯泦涓寲绠$悊java鏃ュ織杈撳嚭锛屼慨鏀圭粺涓€鐨勯厤缃枃浠讹細
$ vim /data/www/java/log4j2.xml
|
<configuration status="INFO"> |
|
<!-- 鍙傛暟閰嶇疆 --> |
|
<properties> |
|
<property name="app_name">$sys:project.name</property> |
|
<property name="log_path">/log/$app_name</property> |
|
<!-- 鏂囦欢杈撳嚭鏍煎紡閰嶆垚json鏍煎紡锛屾柟渚?/strong>filebeat鏀堕泦锛岀渷鐣?/strong>logsta杩囨护 --> |
|
<property name="PATTERN">"jv_time":"%dyyyy-MM-dd HH:mm:ss.SSS","jv_level":"%level","jv_thread":"%thread","jv_class":"%logger","jv_method":"%M","jv_message":"%replace%replace%msg"\\"\n|","jv_throwable":"%replace%replace%xEx"\\"[\n\r\t]|"%n%xExnone</property> |
|
</properties> |
|
|
|
<appenders> ... ... |
閲嶅惎java椤圭洰鍚庯紝姝ゆ椂鏃ュ織涓殑杈撳嚭灏卞彉鎴恓son鏍煎紡浜嗐€?/p>
|
"jv_time": "2018 09 29 20:16:32.672","jv_level": "INFO","jv_thread": "MQClientFactoryScheduledThread", "jv_class": "RocketmqClient", "jv_method": "sendHeartbeatToAllBroker","jv_message": "send heart beat to broker[broker-a 0 8bet-test-srv-2:10911] success","jv_throwable": "" |
锛?锛夈€乫ilebeat鐨勫畨瑁呬笌閰嶇疆锛?/p>
$wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.0-linux-x86_64.tar.gz
$ tar -zxf filebeat-6.4.0-linux-x86_64.tar.gz
$ mv filebeat-6.4.0-linux-x86_64 filebeat
$ vim filebeat/filebeat.yml
|
filebeat.inputs: |
|
- type: log |
|
paths: |
|
- /log/nginx/8bet.admin.log |
|
fields: |
|
project: 8bet-admin |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: nginx |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/nginx/8bet.h5.log |
|
fields: |
|
project: 8bet-h5 |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: nginx |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/nginx/8bet.newadmin.log |
|
fields: |
|
project: 8bet-newadmin |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: nginx |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/nginx/8bet.newh5.log |
|
fields: |
|
project: 8bet-newh5 |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: nginx |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/nginx/error.log |
|
fields: |
|
project: 8bet-nginx-error |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: nginx |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/billing/info.log |
|
fields: |
|
project: 8bet-java-billing |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/billing/error.log |
|
fields: |
|
project: 8bet-java-billing |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true #error鏃ュ織澶氳鍙厤缃」 # multiline.pattern: 鈥榐\鈥?/p> # multiline.negate: true # multiline.match: after |
|
- type: log |
|
paths: |
|
- /log/member/info.log |
|
fields: |
|
project: 8bet-java-member |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/member/error.log |
|
fields: |
|
project: 8bet-java-member |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/admin/info.log |
|
fields: |
|
project: 8bet-java-admin |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/admin/error.log |
|
fields: |
|
project: 8bet-java-admin |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/pay/info.log |
|
fields: |
|
project: 8bet-java-pay |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/pay/error.log |
|
fields: |
|
project: 8bet-java-pay |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/discount/info.log |
|
fields: |
|
project: 8bet-java-discount |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/discount/error.log |
|
fields: |
|
project: 8bet-java-discount |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/schedule/info.log |
|
fields: |
|
project: 8bet-java-schedule |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/schedule/error.log |
|
fields: |
|
project: 8bet-java-schedule |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/security/info.log |
|
fields: |
|
project: 8bet-java-security |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/security/error.log |
|
fields: |
|
project: 8bet-java-security |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/caipiao/info.log |
|
fields: |
|
project: 8bet-java-caipiao |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/caipiao/error.log |
|
fields: |
|
project: 8bet-java-caipiao |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/cpbilling/info.log |
|
fields: |
|
project: 8bet-java-cpbilling |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/cpbilling/error.log |
|
fields: |
|
project: 8bet-java-cpbilling |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/cpmessage/info.log |
|
fields: |
|
project: 8bet-java-cpmessage |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/cpmessage/error.log |
|
fields: |
|
project: 8bet-java-cpmessage |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/cpschedule/info.log |
|
fields: |
|
project: 8bet-java-cpschedule |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
- type: log |
|
paths: |
|
- /log/cpschedule/error.log |
|
fields: |
|
project: 8bet-java-cpschedule |
|
server_ip: 192.168.41.4 |
|
server_name: 8bet-test-srv-4 |
|
soft: java |
|
fields_under_root: true |
|
filebeat.config.modules: |
|
path: $path.config/modules.d/*.yml |
|
reload.enabled: false |
|
setup.template.settings: |
|
index.number_of_shards: 3 |
|
setup.kibana: |
|
output.logstash: |
|
hosts: ["8bet-test-srv-6:5044"] |
鍚姩锛?/p>
$ /data/soft/filebeat/filebeat -c /data/soft/filebeat/filebeat.yml &
PS锛氭渶鍚庡皢elk鍜宖ilebeat鐨勭浉鍏冲懡浠ゅ啓鍏ュ埌鍚姩鑴氭湰绠€鍖栨搷浣溿€?/p>
4銆?nbsp; REST API鏂瑰紡鎿嶄綔锛?/strong>
甯哥敤鐨勫嚑绉嶆搷浣滅ず渚嬶細
$ curl -XGET 鈥榣ocalhost:9200/_cat/health?v&pretty=true鈥?/p>
$ curl -XPUT 鈥榣ocalhost:9200/laptops鈥?/p>
$curl -XPUT 鈥榣ocalhost:9200/laptops/doc/1?pretty&pretty鈥?-H 鈥楥ontent-Type: application/json鈥?-d ‘ "title": "Laptop X1 i7 8gb RAM " ’
$curl -XPUT 鈥榣ocalhost:9200/laptops/doc/2?pretty&pretty鈥?-H 鈥楥ontent-Type: application/json鈥?-d ‘ "title": "Laptop X2 i5 4gb RAM " ’
$ curl -XGET 鈥榣ocalhost:9200/laptops/_search?pretty=true鈥?-H 鈥楥ontent-Type: application/json鈥?/p>
$ curl -XDELETE 鈥榣ocalhost:9200/laptops/?pretty=true鈥?/p>
5銆?nbsp; 闄勫綍鍥剧墖
filebeat鍙戦€佸瓧娈碉細
6銆?nbsp; 浠ヤ笅閮ㄥ垎涓烘憳褰曠綉涓婃枃妗i儴鍒嗐€愭彁渚涘弬鑰冦€戯細
榛樿鎯呭喌涓嬶紝Elastic 鍙厑璁告湰鏈鸿闂紝濡傛灉闇€瑕佽繙绋嬭闂紝鍙互淇敼 Elastic 瀹夎鐩綍鐨刢onfig/elasticsearch.yml鏂囦欢锛屽幓鎺塶etwork.host鐨勬敞閲婏紝灏嗗畠鐨勫€兼敼鎴?.0.0.0锛岀劧鍚庨噸鏂板惎鍔?Elastic銆?/p>
network.host:0.0.0.0
涓婇潰浠g爜涓紝璁炬垚0.0.0.0璁╀换浣曚汉閮藉彲浠ヨ闂€傜嚎涓婃湇鍔′笉瑕佽繖鏍疯缃紝瑕佽鎴愬叿浣撶殑 IP銆?/p>
浜屻€佸熀鏈蹇?/p>
2.1 Node 涓?Cluster
Elastic 鏈川涓婃槸涓€涓垎甯冨紡鏁版嵁搴擄紝鍏佽澶氬彴鏈嶅姟鍣ㄥ崗鍚屽伐浣滐紝姣忓彴鏈嶅姟鍣ㄥ彲浠ヨ繍琛屽涓?Elastic 瀹炰緥銆?/p>
鍗曚釜 Elastic 瀹炰緥绉颁负涓€涓妭鐐癸紙node锛夈€備竴缁勮妭鐐规瀯鎴愪竴涓泦缇わ紙cluster锛夈€?/p>
2.2 Index
Elastic 浼氱储寮曟墍鏈夊瓧娈碉紝缁忚繃澶勭悊鍚庡啓鍏ヤ竴涓弽鍚戠储寮曪紙Inverted Index锛夈€傛煡鎵炬暟鎹殑鏃跺€欙紝鐩存帴鏌ユ壘璇ョ储寮曘€?/p>
鎵€浠ワ紝Elastic 鏁版嵁绠$悊鐨勯《灞傚崟浣嶅氨鍙仛 Index锛堢储寮曪級銆傚畠鏄崟涓暟鎹簱鐨勫悓涔夎瘝銆傛瘡涓?Index 锛堝嵆鏁版嵁搴擄級鐨勫悕瀛楀繀椤绘槸灏忓啓銆?/p>
涓嬮潰鐨勫懡浠ゅ彲浠ユ煡鐪嬪綋鍓嶈妭鐐圭殑鎵€鏈?Index銆?/p>
$ curl-X GET鈥?a href="http://localhost/">http://localhost:9200/_cat/indices?v鈥?code>
2.3 Document
Index 閲岄潰鍗曟潯鐨勮褰曠О涓?Document锛堟枃妗o級銆傝澶氭潯 Document 鏋勬垚浜嗕竴涓?Index銆?/p>
Document 浣跨敤 JSON 鏍煎紡琛ㄧず锛屼笅闈㈡槸涓€涓緥瀛愩€?/p>
"user":"寮犱笁",
"title":"宸ョ▼甯?,
"desc":"鏁版嵁搴撶鐞?
鍚屼竴涓?Index 閲岄潰鐨?Document锛屼笉瑕佹眰鏈夌浉鍚岀殑缁撴瀯锛坰cheme锛夛紝浣嗘槸鏈€濂戒繚鎸佺浉鍚岋紝杩欐牱鏈夊埄浜庢彁楂樻悳绱㈡晥鐜囥€?/p>
2.4 Type
Document 鍙互鍒嗙粍锛屾瘮濡倃eather杩欎釜 Index 閲岄潰锛屽彲浠ユ寜鍩庡競鍒嗙粍锛堝寳浜拰涓婃捣锛夛紝涔熷彲浠ユ寜姘斿€欏垎缁勶紙鏅村ぉ鍜岄洦澶╋級銆傝繖绉嶅垎缁勫氨鍙仛 Type锛屽畠鏄櫄鎷熺殑閫昏緫鍒嗙粍锛岀敤鏉ヨ繃婊?Document銆?/p>
涓嶅悓鐨?Type 搴旇鏈夌浉浼肩殑缁撴瀯锛坰chema锛夛紝涓句緥鏉ヨ锛宨d瀛楁涓嶈兘鍦ㄨ繖涓粍鏄瓧绗︿覆锛屽湪鍙︿竴涓粍鏄暟鍊笺€傝繖鏄笌鍏崇郴鍨嬫暟鎹簱鐨勮〃鐨勪竴涓尯鍒€傛€ц川瀹屽叏涓嶅悓鐨勬暟鎹紙姣斿products鍜宭ogs锛夊簲璇ュ瓨鎴愪袱涓?Index锛岃€屼笉鏄竴涓?Index 閲岄潰鐨勪袱涓?Type锛堣櫧鐒跺彲浠ュ仛鍒帮級銆?/p>
涓嬮潰鐨勫懡浠ゅ彲浠ュ垪鍑烘瘡涓?Index 鎵€鍖呭惈鐨?Type銆?code>
$ curl 鈥榣ocalhost:9200/_mapping?pretty=true鈥?code>鏍规嵁瑙勫垝锛孍lastic 6.x 鐗堝彧鍏佽姣忎釜 Index 鍖呭惈涓€涓?Type锛?.x 鐗堝皢浼氬交搴曠Щ闄?Type銆?/p>
涓夈€佹柊寤哄拰鍒犻櫎 Index
鏂板缓 Index锛屽彲浠ョ洿鎺ュ悜 Elastic 鏈嶅姟鍣ㄥ彂鍑?PUT 璇锋眰銆備笅闈㈢殑渚嬪瓙鏄柊寤轰竴涓悕鍙玾eather鐨?Index銆?/p>
$ curl-X PUT鈥榣ocalhost:9200/weather鈥?code>
鏈嶅姟鍣ㄨ繑鍥炰竴涓?JSON 瀵硅薄锛岄噷闈㈢殑acknowledged瀛楁琛ㄧず鎿嶄綔鎴愬姛銆?/p>
"acknowledged":true,
"shards_acknowledged":true
鐒跺悗锛屾垜浠彂鍑?DELETE 璇锋眰锛屽垹闄よ繖涓?Index銆?/p>
$ curl-X DELETE鈥榣ocalhost:9200/weather鈥?code>
鍥涖€佷腑鏂囧垎璇嶈缃?/p>
棣栧厛锛屽畨瑁呬腑鏂囧垎璇嶆彃浠躲€傝繖閲屼娇鐢ㄧ殑鏄?nbsp;ik锛屼篃鍙互鑰冭檻鍏朵粬鎻掍欢锛堟瘮濡?nbsp;smartcn锛夈€?/p>
$./bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v5.5.1/elasticsearch-analysis-ik-5.5.1.zip
涓婇潰浠g爜瀹夎鐨勬槸5.5.1鐗堢殑鎻掍欢锛屼笌 Elastic 5.5.1 閰嶅悎浣跨敤銆?/p>
鎺ョ潃锛岄噸鏂板惎鍔?Elastic锛屽氨浼氳嚜鍔ㄥ姞杞借繖涓柊瀹夎鐨勬彃浠躲€?/p>
鐒跺悗锛屾柊寤轰竴涓?Index锛屾寚瀹氶渶瑕佸垎璇嶇殑瀛楁銆傝繖涓€姝ユ牴鎹暟鎹粨鏋勮€屽紓锛屼笅闈㈢殑鍛戒护鍙拡瀵规湰鏂囥€傚熀鏈笂锛屽嚒鏄渶瑕佹悳绱㈢殑涓枃瀛楁锛岄兘瑕佸崟鐙缃竴涓嬨€?/p>
$ curl-X PUT鈥榣ocalhost:9200/accounts鈥?code> -d鈥?/pre>"mappings":"person":"properties":"user":"type": "text","analyzer": "ik_max_word","search_analyzer": "ik_max_word","title":"type": "text","analyzer": "ik_max_word","search_analyzer": "ik_max_word","desc":"type": "text","analyzer": "ik_max_word","search_analyzer": "ik_max_word"鈥?code>涓婇潰浠g爜涓紝棣栧厛鏂板缓涓€涓悕绉颁负accounts鐨?Index锛岄噷闈㈡湁涓€涓悕绉颁负person鐨?Type銆俻erson鏈変笁涓瓧娈点€?/p>
- § user
- § title
- § desc
杩欎笁涓瓧娈甸兘鏄腑鏂囷紝鑰屼笖绫诲瀷閮芥槸鏂囨湰锛坱ext锛夛紝鎵€浠ラ渶瑕佹寚瀹氫腑鏂囧垎璇嶅櫒锛屼笉鑳戒娇鐢ㄩ粯璁ょ殑鑻辨枃鍒嗚瘝鍣ㄣ€?/p>
Elastic 鐨勫垎璇嶅櫒绉颁负 analyzer銆傛垜浠姣忎釜瀛楁鎸囧畾鍒嗚瘝鍣ㄣ€?/p>
"user":
"type":"text",
"analyzer":"ik_max_word",
"search_analyzer":"ik_max_word"
涓婇潰浠g爜涓紝analyzer鏄瓧娈垫枃鏈殑鍒嗚瘝鍣紝search_analyzer鏄悳绱㈣瘝鐨勫垎璇嶅櫒銆俰k_max_word鍒嗚瘝鍣ㄦ槸鎻掍欢ik鎻愪緵鐨勶紝鍙互瀵规枃鏈繘琛屾渶澶ф暟閲忕殑鍒嗚瘝銆?/p>
浜斻€佹暟鎹搷浣?/p>
5.1 鏂板璁板綍
鍚戞寚瀹氱殑 /Index/Type 鍙戦€?PUT 璇锋眰锛屽氨鍙互鍦?Index 閲岄潰鏂板涓€鏉¤褰曘€傛瘮濡傦紝鍚?accounts/person鍙戦€佽姹傦紝灏卞彲浠ユ柊澧炰竴鏉′汉鍛樿褰曘€?/p>
$ curl-X PUT鈥榣ocalhost:9200/accounts/person/1鈥?code> -d鈥?/pre>"user": "寮犱笁","title": "宸ョ▼甯?,"desc": "鏁版嵁搴撶鐞?鈥?code>鏈嶅姟鍣ㄨ繑鍥炵殑 JSON 瀵硅薄锛屼細缁欏嚭 Index銆乀ype銆両d銆乂ersion 绛変俊鎭€?/p>
"_index":"accounts","_type":"person","_id":"1","_version":1,"result":"created","_shards":"total":2,"successful":1,"failed":0,"created":true濡傛灉浣犱粩缁嗙湅锛屼細鍙戠幇璇锋眰璺緞鏄?accounts/person/1锛屾渶鍚庣殑1鏄鏉¤褰曠殑 Id銆傚畠涓嶄竴瀹氭槸鏁板瓧锛屼换鎰忓瓧绗︿覆锛堟瘮濡俛bc锛夐兘鍙互銆?/p>
鏂板璁板綍鐨勬椂鍊欙紝涔熷彲浠ヤ笉鎸囧畾 Id锛岃繖鏃惰鏀规垚 POST 璇锋眰銆?/p>
$ curl-X POST鈥榣ocalhost:9200/accounts/person鈥?code> -d鈥?/pre>"user": "鏉庡洓","title": "宸ョ▼甯?,"desc": "绯荤粺绠$悊"鈥?code>涓婇潰浠g爜涓紝鍚?accounts/person鍙戝嚭涓€涓?POST 璇锋眰锛屾坊鍔犱竴涓褰曘€傝繖鏃讹紝鏈嶅姟鍣ㄨ繑鍥炵殑 JSON 瀵硅薄閲岄潰锛宊id瀛楁灏辨槸涓€涓殢鏈哄瓧绗︿覆銆?/p>
"_index":"accounts","_type":"person","_id":"AV3qGfrC6jMbsbXb6k1p","_version":1,"result":"created","_shards":"total":2,"successful":1,"failed":0,"created":true娉ㄦ剰锛屽鏋滄病鏈夊厛鍒涘缓 Index锛堣繖涓緥瀛愭槸accounts锛夛紝鐩存帴鎵ц涓婇潰鐨勫懡浠わ紝Elastic 涔熶笉浼氭姤閿欙紝鑰屾槸鐩存帴鐢熸垚鎸囧畾鐨?Index銆傛墍浠ワ紝鎵撳瓧鐨勬椂鍊欒灏忓績锛屼笉瑕佸啓閿?Index 鐨勫悕绉般€?/p>
5.2 鏌ョ湅璁板綍
鍚?Index/Type/Id鍙戝嚭 GET 璇锋眰锛屽氨鍙互鏌ョ湅杩欐潯璁板綍銆?/p>
$ curl鈥榣ocalhost:9200/accounts/person/1?pretty=true鈥?code>涓婇潰浠g爜璇锋眰鏌ョ湅/accounts/person/1杩欐潯璁板綍锛孶RL 鐨勫弬鏁皃retty=true琛ㄧず浠ユ槗璇荤殑鏍煎紡杩斿洖銆?/p>
杩斿洖鐨勬暟鎹腑锛宖ound瀛楁琛ㄧず鏌ヨ鎴愬姛锛宊source瀛楁杩斿洖鍘熷璁板綍銆?/p>
"_index":"accounts","_type":"person","_id":"1","_version":1,"found":true,"_source":"user":"寮犱笁","title":"宸ョ▼甯?,"desc":"鏁版嵁搴撶鐞?濡傛灉 Id 涓嶆纭紝灏辨煡涓嶅埌鏁版嵁锛宖ound瀛楁灏辨槸false銆?/p>
$ curl鈥榣ocalhost:9200/weather/beijing/abc?pretty=true鈥?code>"_index":"accounts","_type":"person","_id":"abc","found":false5.3 鍒犻櫎璁板綍
鍒犻櫎璁板綍灏辨槸鍙戝嚭 DELETE 璇锋眰銆?/p>
$ curl-X DELETE鈥榣ocalhost:9200/accounts/person/1鈥?code>杩欓噷鍏堜笉瑕佸垹闄よ繖鏉¤褰曪紝鍚庨潰杩樿鐢ㄥ埌銆?/p>
5.4 鏇存柊璁板綍
鏇存柊璁板綍灏辨槸浣跨敤 PUT 璇锋眰锛岄噸鏂板彂閫佷竴娆℃暟鎹€?/p>
$ curl-X PUT鈥榣ocalhost:9200/accounts/person/1鈥?code> -d鈥?/pre>"user" : "寮犱笁","title" : "宸ョ▼甯?,"desc" : "鏁版嵁搴撶鐞嗭紝杞欢寮€鍙?鈥?code>"_index":"accounts","_type":"person","_id":"1","_version":2,"result":"updated","_shards":"total":2,"successful":1,"failed":0,"created":false涓婇潰浠g爜涓紝鎴戜滑灏嗗師濮嬫暟鎹粠"鏁版嵁搴撶鐞?鏀规垚"鏁版嵁搴撶鐞嗭紝杞欢寮€鍙?銆?杩斿洖缁撴灉閲岄潰锛屾湁鍑犱釜瀛楁鍙戠敓浜嗗彉鍖栥€?/p>
"_version":2,"result":"updated","created":false鍙互鐪嬪埌锛岃褰曠殑 Id 娌″彉锛屼絾鏄増鏈紙version锛変粠1鍙樻垚2锛屾搷浣滅被鍨嬶紙result锛変粠created鍙樻垚updated锛宑reated瀛楁鍙樻垚false锛屽洜涓鸿繖娆′笉鏄柊寤鸿褰曘€?/p>
鍏€佹暟鎹煡璇?/p>
6.1 杩斿洖鎵€鏈夎褰?/p>
浣跨敤 GET 鏂规硶锛岀洿鎺ヨ姹?Index/Type/_search锛屽氨浼氳繑鍥炴墍鏈夎褰曘€?/p>
$ curl鈥榣ocalhost:9200/accounts/person/_search鈥?code>"took":2,"timed_out":false,"_shards":"total":5,"successful":5,"failed":0,"hits":"total":2,"max_score":1.0,"hits":["_index":"accounts","_type":"person","_id":"AV3qGfrC6jMbsbXb6k1p","_score":1.0,"_source":"user":"鏉庡洓","title":"宸ョ▼甯?,"desc":"绯荤粺绠$悊","_index":"accounts","_type":"person","_id":"1","_score":1.0,"_source":"user":"寮犱笁","title":"宸ョ▼甯?,"desc":"鏁版嵁搴撶鐞嗭紝杞欢寮€鍙?]涓婇潰浠g爜涓紝杩斿洖缁撴灉鐨?nbsp;took瀛楁琛ㄧず璇ユ搷浣滅殑鑰楁椂锛堝崟浣嶄负姣锛夛紝timed_out瀛楁琛ㄧず鏄惁瓒呮椂锛宧its瀛楁琛ㄧず鍛戒腑鐨勮褰曪紝閲岄潰瀛愬瓧娈电殑鍚箟濡備笅銆?/p>
- §
total锛氳繑鍥炶褰曟暟锛屾湰渚嬫槸2鏉°€?/li> - §
max_score锛氭渶楂樼殑鍖归厤绋嬪害锛屾湰渚嬫槸1.0銆?/li> - §
hits锛氳繑鍥炵殑璁板綍缁勬垚鐨勬暟缁勩€?/li>
杩斿洖鐨勮褰曚腑锛屾瘡鏉¤褰曢兘鏈変竴涓猒score瀛楁锛岃〃绀哄尮閰嶇殑绋嬪簭锛岄粯璁ゆ槸鎸夌収杩欎釜瀛楁闄嶅簭鎺掑垪銆?/p>
6.2 鍏ㄦ枃鎼滅储
Elastic 鐨勬煡璇㈤潪甯哥壒鍒紝浣跨敤鑷繁鐨勬煡璇㈣娉曪紝瑕佹眰 GET 璇锋眰甯︽湁鏁版嵁浣撱€?/p>
$ curl鈥榣ocalhost:9200/accounts/person/_search鈥?code> -d鈥?/pre>"query" : "match" : "desc" : "杞欢"鈥?code>涓婇潰浠g爜浣跨敤 Match鏌ヨ锛屾寚瀹氱殑鍖归厤鏉′欢鏄痙esc瀛楁閲岄潰鍖呭惈"杞欢"杩欎釜璇嶃€傝繑鍥炵粨鏋滃涓嬨€?/p>
"took":3,"timed_out":false,"_shards":"total":5,"successful":5,"failed":0,"hits":"total":1,"max_score":0.28582606,"hits":["_index":"accounts","_type":"person","_id":"1","_score":0.28582606,"_source":"user":"寮犱笁","title":"宸ョ▼甯?,"desc":"鏁版嵁搴撶鐞嗭紝杞欢寮€鍙?]Elastic 榛樿涓€娆¤繑鍥?0鏉$粨鏋滐紝鍙互閫氳繃size瀛楁鏀瑰彉杩欎釜璁剧疆銆?/p>
$ curl鈥榣ocalhost:9200/accounts/person/_search鈥?code> -d鈥?/pre>"query" : "match" : "desc" : "绠$悊" ,"size": 1鈥?code>涓婇潰浠g爜鎸囧畾锛屾瘡娆″彧杩斿洖涓€鏉$粨鏋溿€?/p>
杩樺彲浠ラ€氳繃from瀛楁锛屾寚瀹氫綅绉汇€?/p>
$ curl鈥榣ocalhost:9200/accounts/person/_search鈥?code> -d鈥?/pre>"query" : "match" : "desc" : "绠$悊" ,"from": 1,"size": 1鈥?code>涓婇潰浠g爜鎸囧畾锛屼粠浣嶇疆1寮€濮嬶紙榛樿鏄粠浣嶇疆0寮€濮嬶級锛屽彧杩斿洖涓€鏉$粨鏋溿€?/p>
6.3 閫昏緫杩愮畻
濡傛灉鏈夊涓悳绱㈠叧閿瓧锛?Elastic 璁や负瀹冧滑鏄痮r鍏崇郴銆?/p>
$ curl鈥榣ocalhost:9200/accounts/person/_search鈥?code> -d鈥?/pre>"query" : "match" : "desc" : "杞欢 绯荤粺"鈥?code>涓婇潰浠g爜鎼滅储鐨勬槸杞欢 or 绯荤粺銆?/p>
濡傛灉瑕佹墽琛屽涓叧閿瘝鐨刟nd鎼滅储锛屽繀椤讳娇鐢?a href="https://www.elastic.co/guide/en/elasticsearch/reference/5.5/query-dsl-bool-query.html" target="_blank">甯冨皵鏌ヨ銆?/p>
$ curl鈥榣ocalhost:9200/accounts/person/_search鈥?code> -d鈥?/pre>"query":"bool":"must": ["match": "desc": "杞欢" ,"match": "desc": "绯荤粺"]鈥?/pre>
以上是关于FILEBEAT+ELK鏃ュ織鏀堕泦骞冲彴鎼缓娴佺▼的主要内容,如果未能解决你的问题,请参考以下文章