ELK日志分析平台:Elasticsearch 安装与基本操作,kibana安装


ELK日志分析平台

ELK架构图例

web cluster(web1、web2、web3,每台运行 apache + filebeat)
  → Logstash(input → filter → output)
  → ES Cluster(5 个 Elasticsearch 节点)
  → kibana(从 ES Cluster 读取并展示)

Elasticsearch 安装

在跳板机上配置 yum 仓库

拷贝云盘 rpm-package/elk 目录到跳板机

[root@ecs-proxy ~]# cp -a elk /var/ftp/localrepo/elk
[root@ecs-proxy elk]# cd /var/ftp/localrepo/
[root@ecs-proxy localrepo]# createrepo --update .
购买云主机
| 主机 | IP地址 | 配置 |
| --- | --- | --- |
| es-0001 | 192.168.1.41 | 最低配置1核1G |
| es-0002 | 192.168.1.42 | 最低配置1核1G |
| es-0003 | 192.168.1.43 | 最低配置1核1G |
| es-0004 | 192.168.1.44 | 最低配置1核1G |
| es-0005 | 192.168.1.45 | 最低配置1核1G |
单机安装
[root@es-0001 ~]# vim /etc/hosts
192.168.1.41	es-0001
[root@es-0001 ~]# yum install -y java-1.8.0-openjdk elasticsearch
[root@es-0001 ~]# vim /etc/elasticsearch/elasticsearch.yml
54: network.host: 0.0.0.0    # 监听所有网卡;该版本(2.3.4)的 REST 接口默认没有认证,9200 只应对受信任的内网开放
[root@es-0001 ~]# systemctl enable --now elasticsearch
[root@es-0001 ~]# curl http://192.168.1.41:9200/
{
  "name" : "War Eagle",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.3.4",
    "build_hash" : "e455fd0c13dceca8dbbdbb1665d068ae55dabe3f",
    "build_timestamp" : "2016-06-30T11:24:31Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.0"
  },
  "tagline" : "You Know, for Search"
}
集群安装

es-0001 … es-0005 所有主机,都要执行以下操作

[root@es-0001 ~]# vim /etc/hosts
192.168.1.41	es-0001
192.168.1.42	es-0002
192.168.1.43	es-0003
192.168.1.44	es-0004
192.168.1.45	es-0005
[root@es-0001 ~]# yum install -y java-1.8.0-openjdk elasticsearch
[root@es-0001 ~]# vim /etc/elasticsearch/elasticsearch.yml
17: cluster.name: my-es
23: node.name: es-0001 # 本机主机名
54: network.host: 0.0.0.0 # 监听所有网卡,9200/9300 应由安全组限制在集群内网
68: discovery.zen.ping.unicast.hosts: ["es-0001", "es-0002", "es-0003"]
[root@es-0001 ~]# systemctl enable --now elasticsearch
[root@es-0001 ~]# curl http://192.168.1.41:9200/_cluster/health?pretty
{
  "cluster_name" : "my-es",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 5,
  "number_of_data_nodes" : 5,
   ... ...
}
插件安装

拷贝云盘 public/elk 目录到跳板机

# 本地安装,拷贝 bigdesk 插件文件到 es-0005
[root@es-0005 ~]# /usr/share/elasticsearch/bin/plugin install file:///root/bigdesk-master.zip
[root@es-0005 ~]# /usr/share/elasticsearch/bin/plugin list
Installed plugins in /usr/share/elasticsearch/plugins:
    - bigdesk
# 远程安装,把插件拷贝到跳板机的ftp目录下
# (ftp 为明文传输且不校验完整性,安装前建议先核对 zip 包的校验和,例如 sha256sum)
[root@es-0005 ~]# /usr/share/elasticsearch/bin/plugin install ftp://192.168.1.252/public/elk/elasticsearch-kopf-master.zip
[root@es-0005 ~]# /usr/share/elasticsearch/bin/plugin install ftp://192.168.1.252/public/elk/elasticsearch-head-master.zip
[root@es-0005 ~]# /usr/share/elasticsearch/bin/plugin list
Installed plugins in /usr/share/elasticsearch/plugins:
    - head
    - bigdesk
    - kopf

访问插件:

1、华为云绑定弹性公网IP给 es-0005 节点(9200 端口同时承载整个无认证的 REST API,包括下文的写入和删除操作;安全组入方向应只放行自己的来源 IP)

2、http://弹性公网IP:9200/_plugin/插件名称 [bigdesk|head|kopf]

http://公网IP:9200/_plugin/kopf
http://公网IP:9200/_plugin/head
http://公网IP:9200/_plugin/bigdesk

Elasticsearch基本操作

查询_cat方法
# 查询支持的关键字
[root@es-0001 ~]# curl -XGET http://es-0001:9200/_cat/
# 查具体的信息
[root@es-0001 ~]# curl -XGET http://es-0001:9200/_cat/master
# 显示详细信息 ?v
[root@es-0001 ~]# curl -XGET http://es-0001:9200/_cat/master?v
# 显示帮助信息 ?help
[root@es-0001 ~]# curl -XGET http://es-0001:9200/_cat/master?help
创建索引

指定索引的名称,指定分片数量,指定副本数量

创建索引使用 PUT 方法,创建完成以后通过 head 插件验证

[root@es-0001 ~]# curl -XPUT http://es-0001:9200/tedu -d \
'{
    "settings":{
       "index":{
          "number_of_shards": 5,
          "number_of_replicas": 1
       }
    }
}'
增加数据
[root@es-0001 ~]# curl -XPUT http://es-0001:9200/tedu/teacher/1 -d \
'{
    "职业": "诗人",
    "名字": "李白",
    "称号": "诗仙",
    "年代": "唐"
}'
查询数据
[root@es-0001 ~]# curl -XGET http://es-0001:9200/tedu/teacher/1?pretty
修改数据
[root@es-0001 ~]# curl -XPOST http://es-0001:9200/tedu/teacher/1/_update -d '{
    "doc": {
        "年代": "公元701"
    }
}'
删除数据
# 删除一条
[root@es-0001 ~]# curl -XDELETE http://es-0001:9200/tedu/teacher/1
# 删除索引
[root@es-0001 ~]# curl -XDELETE http://es-0001:9200/tedu
# 删除所有(集群内全部索引都会被删除,没有确认步骤;在 elasticsearch.yml 中设置 action.destructive_requires_name: true 可禁止通配符删除)
[root@es-0001 ~]# curl -XDELETE http://es-0001:9200/*

kibana安装

购买云主机
| 主机 | IP地址 | 配置 |
| --- | --- | --- |
| kibana | 192.168.1.46 | 最低配置1核1G |
安装kibana
[root@kibana ~]# vim /etc/hosts
192.168.1.41	es-0001
192.168.1.42	es-0002
192.168.1.43	es-0003
192.168.1.44	es-0004
192.168.1.45	es-0005
192.168.1.46	kibana
[root@kibana ~]# yum install -y kibana
[root@kibana ~]# vim /opt/kibana/config/kibana.yml
02 server.port: 5601
05 server.host: "0.0.0.0"    # 监听所有网卡;此配置未启用任何登录认证,5601 应由安全组限制来源
15 elasticsearch.url: "http://es-0001:9200"
23 kibana.index: ".kibana"
26 kibana.defaultAppId: "discover"
[root@kibana ~]# systemctl enable --now kibana

绑定弹性公网IP,通过 WEB 浏览器验证(上面的配置没有启用登录认证,安全组入方向的 5601 端口应只放行自己的来源 IP)

http://弹性公网IP:5601/status

导入日志数据

拷贝云盘 public/elk/logs.jsonl.gz 到跳板机

[root@ecs-proxy ~]# gunzip logs.jsonl.gz
[root@ecs-proxy ~]# curl -XPOST http://192.168.1.41:9200/_bulk --data-binary @logs.jsonl