ES Operations API Notes

1. List all ES indices, sorted by storage size from largest to smallest: http://192.168.60.12:9200/_cat/indices?bytes=b&s=store.size:desc,index:asc&v=true

health status index                           uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   icds-cloud-view                 96Kgkq22Qcanq8djZg-Slw   1   1    6852771            0 1561541920     1561541920
yellow open   tomcat                          x-P8cPRHSPOdCkKN90HA6A   1   1   10454376            0 1546835067     1546835067
yellow open   icds-cloud-view-2021-10-26      q8pCQw01QVet9RYQdxy5LQ   1   1    1023269            0  166567890      166567890
green  open   .geoip_databases                f4Iw2ATfRE-D0Hv3v5Ceqw   1   0         43           74   81520788       81520788
yellow open   tomcat-2021-10-26               ZIsqQqrmRLu_db0Pa54rCQ   1   1      12801            0    3023429        3023429
green  open   .kibana_7.15.1_001              1MWrkwxHTDST9GcYKu5aVg   1   0        134           33    2519973        2519973
green  open   .kibana_task_manager_7.15.1_001 x1QoiS8qTC6a3gmeiSZztg   1   0         15          729    1029538        1029538
green  open   .tasks                          OBsrZ7WDSUWoXgAus7CBlQ   1   0         10            0      51554          51554
green  open   .kibana-event-log-7.15.1-000001 BSjTU36JTASyx0cOORxf8Q   1   0          6            0      36255          36255
green  open   .async-search                   lmTYbKkQR3WC-WD3uLwNFA   1   0          0            0        235            235
green  open   .apm-agent-configuration        IfpewJA_RqWNI1HEgZ37Mw   1   0          0            0        208            208
green  open   .apm-custom-link                4Vj-LkenTuWiLHgCW-7m3Q   1   0          0            0        208            208

2. Query the master node of the ES cluster: http://192.168.60.12:9200/_cat/master?v=true

3. Take the name of the largest index and query the contents of that index: http://192.168.60.12:9200/icds-cloud-view/_search?from=1&size=1

{"took":1,"timed_out":false,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0},"hits":{"total":{"value":10000,"relation":"gte"},"max_score":1.0,"hits":[{"_index":"icds-cloud-view","_type":"_doc",
"_id":"OI0sonwB2eT2lff1FxBn","_score":1.0,"_source":{"host":{"ip":["192.168.60.12","fe80::63db:4aec:87eb:e787"],"id":"cc62bce941764a1e9c1aca9144c6360e","hostname":"server.zabbix.com","architecture":"x86_64",
"name":"server.zabbix.com","mac":["00:50:56:84:3b:ad"],"containerized":false,"os":{"codename":"Core","family":"redhat","kernel":"3.10.0-957.el7.x86_64","name":"CentOS Linux","type":"linux","platform":"centos",
"version":"7 (Core)"}},"input":{"type":"log"},"message":"2021-10-21 17:26:09,667 INFO [] [http-nio-10100-exec-17] c.g.l.service.impl.WebLogServiceImpl [WebLogServiceImpl.java : 30] [RETURN]:
{\"code\":1,\"data\":\"0\",\"message\":\"成功\"}","fields":{"log_source":"view"},"log":{"offset":472028567,"file":{"path":"/home/sdnmuser/sendi/release/icds-cloud-view/logs/icds-cloud-view.log"}},
"ecs":{"version":"1.11.0"},"agent":{"id":"da452ff6-7d9b-41b1-96ce-ac070c18b49c","hostname":"server.zabbix.com","name":"server.zabbix.com","ephemeral_id":"71dd9167-5bc6-4bf6-9f7c-cb77f4f025be","type":"filebeat",
"version":"7.15.1"},"@timestamp":"2021-10-21T09:26:10.683Z"}}]}}

4. Delete data based on the matched messages:

First find Dev Tools in the left-hand menu of Kibana, then open the Console:

GET tomcat/_search
{
  "query": {
    "match": {
      "@timestamp": "2021-10-25"
    }
  }
}

POST tomcat/_delete_by_query
{
  "query": {
    "match": {
      "@timestamp": "2021-10-25"
    }
  }
}
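
The same cleanup as a guarded script, added here as an example (not code from the original post): it counts the matches before deleting, refuses system, wildcard and multi-index targets, and uses a `range` query over one day instead of the post's `match`. The `max_docs` ceiling and the function names are assumptions made for the example.

```python
import json
import urllib.request
from datetime import date, timedelta

ES_URL = "http://192.168.60.12:9200"  # cluster address used on this page


def http_post(path, body):
    """Send a JSON POST to Elasticsearch and return the decoded response."""
    req = urllib.request.Request(
        ES_URL + path,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def day_query(day):
    """Range query covering one calendar day of @timestamp (UTC)."""
    start = date.fromisoformat(day)
    end = start + timedelta(days=1)
    return {"query": {"range": {"@timestamp": {
        "gte": start.isoformat(), "lt": end.isoformat()}}}}


def purge_day(index, day, max_docs, post=http_post):
    """Count first, then delete; refuse risky targets or surprising counts.

    max_docs is a hypothetical safety ceiling chosen by the operator.
    Returns (matched, deleted).
    """
    # Refuse wildcards, multi-index lists, _all and system (dot) indices.
    if index.startswith((".", "_")) or any(c in index for c in "*,? /"):
        raise ValueError(f"refusing to delete from {index!r}")
    body = day_query(day)
    matched = post(f"/{index}/_count", body)["count"]
    if matched == 0:
        return 0, 0
    if matched > max_docs:
        raise RuntimeError(f"{matched} docs match, ceiling is {max_docs}")
    result = post(f"/{index}/_delete_by_query", body)
    return matched, result["deleted"]
```

Calling `purge_day("tomcat", "2021-10-25", max_docs=20000)` sends the `_count` request first and only issues `_delete_by_query` when the count is within the ceiling.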

5. Increase the number of results that can be displayed; the default is 10000:

PUT icds-cloud-rdsp/_settings
{ "index.max_result_window" :"500000"}

6. Remote copy command: scp -r sdnmuser@10.236.78.9:/home/sdnmuser/ELK/filebeat/filebeat.yml filebeat.yml

7. Command to change ownership: chown -R sdnmuser:root filebeat

8


posted @ 2021-10-26 17:17  A仔的黑眼圈