一. kibana安装
1.到官网或是用brew下载kibana 安装包,这边我们选择在官网下载对应的安装包 https://www.elastic.co/cn/downloads/kibana
2.解压缩到对应的目录下,我们解压缩到了 /usr/local/kibana-6.5.2-darwin-x86_64
解压缩后的相关目录如下:
➜ kibana-6.5.2-darwin-x86_64 ls LICENSE.txt bin node package.json webpackShims NOTICE.txt config node_modules plugins README.txt data optimize src
3.快速启动
cd 到对应的bin目录下,执行nohup sh kibana &
查看启动日志:
1 {"type":"response","@timestamp":"2018-12-19T11:20:30Z","tags":[],"pid":8563,"method":"post","statusCode":200,"req":{"url":"/api/console/proxy?path=_template&method=GET","method":"post","headers":{"host":"localhost:5601","connection":"keep-alive","content-length":"0","accept":"text/plain, */*; q=0.01","origin":"http://localhost:5601","kbn-version":"6.5.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36","referer":"http://localhost:5601/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"zh-CN,zh;q=0.9,en;q=0.8"},"remoteAddress":"::1","userAgent":"::1","referer":"http://localhost:5601/app/kibana"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"POST /api/console/proxy?path=_template&method=GET 200 22ms - 9.0B"}
可以看到绑定端口为5601
4.查看进程
执行ps -ef|grep node
501 8563 2099 0 6:43下午 ttys000 0:27.66 ./../node/bin/node --no-warnings ./../src/cli
5.浏览器访问 http://localhost:5601/app/kibana 进入Dev Tools界面
二.CURD
1.document数据格式
面向文档的搜索分析引擎
(1)应用系统的数据结构都是面向对象的,复杂的
(2)对象数据存储到数据库中,只能拆解开来,变为扁平的多张表,每次查询的时候还得还原回对象格式,相当麻烦
(3)ES是面向文档的,文档中存储的数据结构,与面向对象的数据结构是一样的,基于这种文档数据结构,es可以提供复杂的索引,全文检索,分析聚合等功能
(4)es的document用json数据格式来表达
2.简单的集群管理
(1)快速检查集群的健康状况
es提供了一套api,叫做cat api,可以查看es中各种各样的数据
GET /_cat/health?v
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1545272412 02:20:12 elasticsearch green 1 1 1 1 0 0 0 0 - 100.0%
如何快速了解集群的健康状况?green、yellow、red?
green:每个索引的primary shard和replica shard都是active状态的
yellow:每个索引的primary shard都是active状态的,但是部分replica shard不是active状态,处于不可用的状态
red:不是所有索引的primary shard都是active状态的,部分索引有数据丢失了
(2)快速查看集群中有哪些索引
GET /_cat/indices?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_1 4OzsBQhJROuREyl8ZadWCQ 1 0 3 0 11.9kb 11.9kb
(3)简单的索引操作
创建索引:PUT /test_index?pretty
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size green open .kibana_1 4OzsBQhJROuREyl8ZadWCQ 1 0 3 0 11.9kb 11.9kb yellow open test_index QmrZBLhPQkG41DSt-rLzfQ 5 1 0 0 1.1kb 1.1kb
删除索引:DELETE /test_index?pretty
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_1 4OzsBQhJROuREyl8ZadWCQ 1 0 3 0 11.9kb 11.9kb
3、document的CRUD操作
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1545275286 03:08:06 elasticsearch yellow 1 1 6 6 0 0 5 0 - 54.5%
(1)新增:新增文档,建立索引
PUT /index/type/id { "json数据" } PUT /ecommerce/product/1 { "name" : "gaolujie yagao", "desc" : "gaoxiao meibai", "price" : 30, "producer" : "gaolujie producer", "tags": [ "meibai", "fangzhu" ] } { "_index": "ecommerce", "_type": "product", "_id": "1", "_version": 1, "result": "created", "_shards": { "total": 2, "successful": 1, "failed": 0 }, "created": true } PUT /ecommerce/product/2 { "name" : "jiajieshi yagao", "desc" : "youxiao fangzhu", "price" : 25, "producer" : "jiajieshi producer", "tags": [ "fangzhu" ] } PUT /ecommerce/product/3 { "name" : "zhonghua yagao", "desc" : "caoben zhiwu", "price" : 40, "producer" : "zhonghua producer", "tags": [ "qingxin" ] }
es会自动建立index和type,不需要提前创建,而且es默认会对document每个field都建立倒排索引,让其可以被搜索
(2)查询:检索文档
GET /index/type/id GET /ecommerce/product/1 { "_index": "ecommerce", "_type": "product", "_id": "1", "_version": 1, "found": true, "_source": { "name": "gaolujie yagao", "desc": "gaoxiao meibai", "price": 30, "producer": "gaolujie producer", "tags": [ "meibai", "fangzhu" ] } }
(3)修改:替换文档
PUT /ecommerce/product/1 { "name" : "jiaqiangban gaolujie yagao", "desc" : "gaoxiao meibai", "price" : 30, "producer" : "gaolujie producer", "tags": [ "meibai", "fangzhu" ] } { "_index": "ecommerce", "_type": "product", "_id": "1", "_version": 1, "result": "created", "_shards": { "total": 2, "successful": 1, "failed": 0 }, "created": true } { "_index": "ecommerce", "_type": "product", "_id": "1", "_version": 2, "result": "updated", "_shards": { "total": 2, "successful": 1, "failed": 0 }, "created": false } PUT /ecommerce/product/1 { "name" : "jiaqiangban gaolujie yagao" }
替换方式有一个不好,即使必须带上所有的field,才能去进行信息的修改
(4)修改:更新文档
POST /ecommerce/product/1/_update { "doc": { "name": "jiaqiangban gaolujie yagao" } } { "_index": "ecommerce", "_type": "product", "_id": "1", "_version": 8, "result": "updated", "_shards": { "total": 2, "successful": 1, "failed": 0 } }
(5)删除:删除文档
DELETE /ecommerce/product/1 { "found": true, "_index": "ecommerce", "_type": "product", "_id": "1", "_version": 9, "result": "deleted", "_shards": { "total": 2, "successful": 1, "failed": 0 } } { "_index": "ecommerce", "_type": "product", "_id": "1", "found": false }