①.ELK

E: elasticsearch 数据搜索 数据存储 java
L: Logstash 数据收集(数据解析 数据转换) 数据输出 java
F: Filebeat 数据采集(简单的数据处理) go
K: Kibana 数据分析 数据展示

使用ELFK能收集哪些日志

容器: docker
代理: haproxy nginx
web: nginx tomcat httpd php
db: mysql redis mongo elasticsearch
存储: nfs glusterfs
系统: message security
业务: app

单机安装es
[root@es-node1 ~]# yum install java -y
[root@es-node1 ~]# rpm -ivh elasticsearch-7.4.0-x86_64.rpm kibana-7.4.0-x86_64.rpm
[root@es-node1 ~]# vim /etc/elasticsearch/jvm.options
#实验环境设置;生产环境最少内存一半以上,官方建议最高32GB。jvm.options 里的注释要单独成行,不要写在选项行尾,以免被当作选项内容解析
-Xms512m
-Xmx512m

[root@es-node1 ~]# systemctl enable elasticsearch.service
[root@es-node1 ~]# systemctl start  elasticsearch.service
#测试es是否启动
[root@java ~]# curl 127.0.0.1:9200
{
  "name" : "node3",
  "cluster_name" : "rstx_es",
  "cluster_uuid" : "bEoasb4KTJSyBIQqg4Xy2Q",
  "version" : {
    "number" : "7.4.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "22e1767283e61a198cb4db791ea66e3f11ab9910",
    "build_date" : "2019-09-27T08:36:48.569419Z",
    "build_snapshot" : false,
    "lucene_version" : "8.2.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

[root@rstx-53 ~]# grep -v \# /etc/kibana/kibana.yml |grep -v '^$'
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.1.246:9200"]
i18n.locale: "zh-CN"
[root@rstx-53 ~]# systemctl enable kibana
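[root@rstx-53 ~]# systemctl start  kibana
#注意: server.host 为 0.0.0.0 时 Kibana 监听所有网卡,而 ES 7.4.0 默认未开启认证(上面的 curl 不带账号即可访问),elasticsearch.hosts 走的也是明文 http;此配置仅适合实验环境,生产环境应收紧监听地址或用防火墙限制来源,并在 elasticsearch.yml 中启用 xpack.security.enabled 和 TLS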
3.ES索引基本操作
#创建一个索引
PUT /oldxu_es
#查看所有的索引
GET _cat/indices
#删除索引
DELETE /oldxu_es
#给oldxu_es索引录入一个文档(注意: 下面第一个请求实际写入的是 tt 索引;若要与后文 GET /oldxu_es/_doc/1 对应,应写成 POST /oldxu_es/_doc/1)
POST /tt/_doc/1
{
"name": "oldxu",
"age": 18,
"salary": 1000000000
}
POST /oldxu_es/_doc/2
{
"name": "oldguo",
"age": 35,
"salary": 100
}
#获取指定的id数据
GET /oldxu_es/_doc/1

#获取所有的文档默认前10个
GET /oldxu_es/_search
#模糊查询(注: 下面的 term 查询不做分词,是按词项精确匹配;全文或模糊匹配可用 match / fuzzy)
GET /oldxu_es/_search
{
"query": {
"term": {
"name": "oldxu"
}
}
}
#删除指定id的文档
DELETE /oldxu_es/_doc/1
#批量操作(_bulk): 一次请求中依次执行 index / create / delete / update
POST _bulk
{"index":{"_index":"tt","_id":"1"}}
{"name":"oldxu","age":"18"}
{"create":{"_index":"tt","_id":"2"}}
{"name":"oldqiang","age":"30"}
{"delete":{"_index":"tt","_id":"2"}}
{"update":{"_id":"1","_index":"tt"}}
{"doc":{"age":"20"}}
#一次查询多个文档
GET _mget
{
"docs": [
   {
   "_index": "tt",
   "_id": "1"
   },
   {
   "_index": "tt",
   "_id": "2"
   }
  ]
 }