Calling its API returns a wealth of information, such as cluster information, node information, and so on.
Checking cluster status----RESTful API notes
1: Check cluster status information
2: Manage the cluster
3: Execute CRUD (create, read, update, delete) commands
4: Execute advanced commands
RESTful API access endpoints
http://192.168.23.10:9200
http://192.168.23.10:9200/?pretty (view the JSON in pretty-printed form)
http://192.168.23.10:9200/_cat (lists the many available _cat API endpoints)
e.g. http://192.168.23.10:9200/_cat/nodes (the cluster's nodes)
e.g. http://192.168.23.10:9200/_cat/nodes?v (verbose output, with column headers)
1:stats
2:health
3:state
4:nodes
http://192.168.23.10:9200/_nodes/stats (per-node statistics; note that health is a _cluster API, not a _nodes API)
http://192.168.23.10:9200/_cluster/health
http://192.168.23.10:9200/_cluster/health?pretty
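A quick way to check overall cluster state is _cluster/health; below is a sketch of a typical (abridged) response with example values only (yours will differ; status is one of green/yellow/red):
curl -X GET '192.168.23.10:9200/_cluster/health?pretty'
{
  "cluster_name" : "elasticsearch",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 5,
  "active_shards" : 10,
  "unassigned_shards" : 0
}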
(3)
A brief introduction to Elasticsearch plugins
Elasticsearch offers many rich plugins that make it easy to manage the cluster and inspect it visually
Installing plugins
1: Drop the plugin into the plugin directory, much like installing a PHP extension; the plugin directory is /usr/share/elasticsearch/plugins
2: Install with the plugin command
/usr/share/elasticsearch/bin/plugin ; if you use it often, you can add the command to the PATH environment variable (see the sketch after the help output below)
/usr/share/elasticsearch/bin/plugin --help
install Install a plugin
remove Remove a plugin
list List installed plugins
/usr/share/elasticsearch/bin/plugin install --help
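For example, mirroring the /etc/profile.d/logstash.sh approach used later in these notes (the file name elasticsearch.sh is my own choice, not part of the original setup):
# edit /etc/profile.d/elasticsearch.sh and add:
export PATH=/usr/share/elasticsearch/bin:$PATH
. /etc/profile.d/elasticsearch.sh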
3: Install the plugins
/usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
/usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
/usr/share/elasticsearch/bin/plugin install license
/usr/share/elasticsearch/bin/plugin install marvel-agent
4: The interfaces provided by the plugins can then be accessed in a browser
192.168.23.10:9200/_plugin/head
192.168.23.10:9200/_plugin/kopf
Manually creating documents
(Document field data types include: string, numeric, boolean, and date)
1: Manually create an index and a document
curl -X PUT '192.168.23.10:9200/uplooking/ops/dage?pretty' -d '{"name": "dage", "age": 20}'
{
"_index" : "uplooking",
"_type" : "ops",
"_id" : "dage",
"_version" : 1,
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"created" : true
}
curl -X PUT '192.168.23.10:9200/uplooking/ops/xiaoge?pretty' -d '{"name": "xiaoge", "age": 20}'
{
"_index" : "uplooking",
"_type" : "ops",
"_id" : "xiaoge",
"_version" : 1,
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"created" : true
}
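Not shown above, but worth knowing: POSTing to the type without specifying an ID makes Elasticsearch generate one automatically (the document body below is made up for illustration):
curl -X POST '192.168.23.10:9200/uplooking/ops?pretty' -d '{"name": "sange", "age": 21}'
# the "_id" field of the response will contain an auto-generated ID rather than a chosen one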
2: Retrieve the document through the index
curl -X GET '192.168.23.10:9200/uplooking/ops/xiaoge?pretty'
{
"_index" : "uplooking",
"_type" : "ops",
"_id" : "xiaoge",
"_version" : 1,
"found" : true,
"_source" : {
"name" : "xiaoge",
"age" : 20
}
}
Manually updating a document
curl -X POST 192.168.23.10:9200/uplooking/ops/xiaoge/_update?pretty -d '{ "doc": {"age": 19} }'
(The _update response itself reports only _index/_type/_id/_version/_shards; the output below comes from fetching the document again with GET to verify that age is now 19:)
curl -X GET 192.168.23.10:9200/uplooking/ops/xiaoge?pretty
{
"_index" : "uplooking",
"_type" : "ops",
"_id" : "xiaoge",
"_version" : 2,
"found" : true,
"_source" : {
"name" : "xiaoge",
"age" : 19
}
}
Manually deleting a document
curl -X DELETE 192.168.23.10:9200/uplooking/ops/dage?pretty
Viewing the current indices
curl -X GET 192.168.23.10:9200/_cat/indices?v
Deleting an index
curl -X DELETE 192.168.23.10:9200/uplooking
Searching data (querying): an introduction to the DSL query language
This tool is handy for inspecting JSON: http://www.bejson.com/jsonviewernew/
1: Query via the RESTful API (query DSL)
curl -X GET 192.168.23.10:9200/uplooking/_search?pretty (query the documents in the uplooking index)
curl -X GET 192.168.23.10:9200/_search?pretty (query the documents across all indices)
2: Query with a JSON request body (the filter DSL is faster, since filter results can be cached; a filter example follows the three commands below)
curl -X GET '192.168.23.10:9200/uplooking/_search?pretty' -d '{ "query": { "match_all": {}} }'
curl -X GET '192.168.23.10:9200/uplooking/_search?pretty' -d '{ "query": { "term": { "age": 20 }} }'
curl -X GET '192.168.23.10:9200/uplooking/_search?pretty' -d '{ "query": { "terms": { "age": [19, 20] }} }'
Mapping and analysis
curl -X GET '192.168.23.10:9200/uplooking/_search?q=20&pretty'
curl -X GET '192.168.23.10:9200/uplooking/_search?q=age:20&pretty'
curl -X GET '192.168.23.10:9200/uplooking/_mapping/ops?pretty'
A word-segmentation (analysis) tool is needed
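To see how a string is tokenized, the _analyze API can be used; a sketch with the built-in standard analyzer (Chinese text would additionally need a dedicated tokenizer plugin, which these notes do not install):
curl -X GET '192.168.23.10:9200/_analyze?pretty' -d '{"analyzer": "standard", "text": "uplooking ops 20"}'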
Logstash installation
(It depends on the JRuby interpreter, so a Java environment must be configured)
1: Check whether the current Java JDK version meets the requirements; the Logstash downloaded here is version 2.4, so this JDK qualifies
[root@7 ~]# java -version
openjdk version "1.8.0_65"
2: Set the JAVA_HOME environment variable to point at the Java installation
Edit the /etc/profile.d/java.sh file and add
export JAVA_HOME=/usr
. /etc/profile.d/java.sh
3: Install the java-1.8.0-openjdk-devel.x86_64 package
yum install -y java-1.8.0-openjdk-devel.x86_64 (this should also bring the JDK up to the latest version)
4: Download the RPM package, or configure a yum repository
①:https://www.elastic.co/downloads/past-releases/logstash-2-4-0
②:https://www.elastic.co/guide/en/logstash/2.4/installing-logstash.html
5: After installation, add the logstash command to PATH
Edit /etc/profile.d/logstash.sh and add
export PATH=/opt/logstash/bin:$PATH
. /etc/profile.d/logstash.sh
6: The Logstash configuration file defines how its plugins operate; four plugin types are supported: input, filter, codec, and output. Edit /etc/logstash/conf.d/easy.conf. Only three plugin types are used here, and the filter plugin is left at its defaults
# where the data comes from
input {
stdin {}
}
# where the data goes
output {
stdout {
codec => rubydebug
}
}
7: Check that the configuration file is correct
logstash -f /etc/logstash/conf.d/easy.conf --configtest
8: Run logstash
logstash -f /etc/logstash/conf.d/easy.conf
9: Once it is running, type a log line directly at the prompt; Logstash processes it, and the result returned should be JSON data
Oct 3 15:17:21 7 NetworkManager[531]: <info> (enp0s3): device state change: secondaries -> activated (reason 'none') [90 100 0]
{
"message" => "Oct 3 15:17:21 7 NetworkManager[531]: <info> (enp0s3): device state change: secondaries -> activated (reason 'none') [90 100 0]",
"@version" => "1",
"@timestamp" => "2017-10-04T14:31:00.987Z",
"host" => "7"
}
10: Reference documentation
https://www.elastic.co/guide/en/logstash/2.4/index.html
Introduction to commonly used Logstash plugins
1: input plugins
①: file: follows the last lines of a file, just like tail -f
Create a configuration file with the following content
input {
file {
path => ["/var/log/messages"]
type => "system"
start_position => "beginning"
}
}
output {
stdout {
codec => rubydebug
}
}
logstash -f
logstash -f
②: udp: receives data over a UDP connection; the required parameter is port (the port to listen on), and host specifies the listening address
First the collectd program must be installed. collectd is a daemon that periodically collects system and application performance metrics and provides mechanisms to store those values in various ways; here collectd is installed locally on the Logstash server. A recommended article: https://linux.cn/article-5252-1.html . Later on, collectd's functionality could be reproduced using Python's multithreading/multiprocessing model
yum install -y collectd
vi /etc/collectd.conf (the default configuration file installed by the collectd package)
Hostname "localhost"
Uncomment LoadPlugin network
Add the network plugin configuration
<Plugin network>
<Server "192.168.23.13" "25826">
</Server>
</Plugin>
systemctl start collectd.service
systemctl status collectd.service
input {
udp {
port => 25826
codec => collectd {}
type => "collectd"
}
}
output {
stdout {
codec => rubydebug
}
}
logstash -f
2: redis plugin
Fetches data from Redis. What is Redis? Redis is an open-source, network-capable key-value database written in ANSI C that can run purely in memory or persist to disk, and it provides APIs for many languages. The plugin supports both Redis channels and lists; a minimal sketch follows
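A minimal redis input sketch, assuming a Redis instance on localhost and a list key named "logstash" (both the address and the key name are assumptions, not part of the original setup):
input {
  redis {
    host => "127.0.0.1"     # assumed Redis address
    port => 6379
    data_type => "list"     # "list" reads from a list; "channel" subscribes to pub/sub
    key => "logstash"       # assumed list/channel name
  }
}
output {
  stdout {
    codec => rubydebug
  }
}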
3: filter plugins: data comes in through input plugins, filter plugins filter and clean it, and output plugins then send it out
①: grok plugin: cleans text data; the most common use is cleaning web logs (a job Python could also do)
grok pattern (regex) file: /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns/grok-patterns
grok syntax notes:
# if 192.168.23.111 is matched, it is extracted as clientip: 192.168.23.111
COMMONAPACHELOG %{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-)
Official examples: https://www.elastic.co/guide/en/logstash/2.4/plugins-filters-grok.html
# Create /etc/logstash/conf.d/grok.conf and add the following content
input {
file {
# file path(s); the list form allows multiple files to be read
path => ["/var/log/httpd/access_log"]
# set the event type to "system"
type => "system"
# where to start reading; with "end", reading starts at the end of the file
start_position => "end"
}
}
filter {
grok {
# the grok pattern to match
# match => { "message" => "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}" }
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
output {
stdout {
# output codec
codec => rubydebug
}
}
# Check the configuration file
logstash -f /etc/logstash/conf.d/grok.conf --configtest
# Run logstash
logstash -f /etc/logstash/conf.d/grok.conf
For example, custom grok patterns for an nginx access log:
URIPARM1 [A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*
URIPATH1 (?:/[A-Za-z0-9$.+!*'(){},~:;=@#%&_\- ]*)+
URI1 (%{URIPROTO}://)?(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?
NGINXACCESS %{IPORHOST:remote_addr} - (%{USERNAME:user}|-) \[%{HTTPDATE:log_timestamp}\] %{HOSTNAME:http_host} %{WORD:request_method} "%{URIPATH1:uri}" "%{URIPARM1:param}" %{BASE10NUM:http_status} (?:%{BASE10NUM:body_bytes_sent}|-) "(?:%{URI1:http_referrer}|-)" (%{BASE10NUM:upstream_status}|-) (?:%{HOSTPORT:upstream_addr}|-) (%{BASE16FLOAT:upstream_response_time}|-) (%{BASE16FLOAT:request_time}|-) (?:%{QUOTEDSTRING:user_agent}|-) "(%{IPV4:client_ip}|-)" "(%{WORD:x_forword_for}|-)"
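To use custom patterns like these, save them in a file under a patterns directory and point grok at that directory with patterns_dir (the /etc/logstash/patterns path below is an assumption; any readable directory works):
filter {
  grok {
    patterns_dir => ["/etc/logstash/patterns"]   # assumed location of the custom patterns file
    match => { "message" => "%{NGINXACCESS}" }
  }
}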