CentOS7下Elastic Stack 5.0日志分析系统搭建
原文链接:http://www.2cto.com/net/201612/572296_3.html
在http://localhost:5601下新建索引页面输入“metricbeat-*”,之后kibana会自动更新,在“Time-field name”下面的选项中选择“@timestamp”,最后点击“Create”创建即可。
最后呈现如下图所示:
注1:
关于ELK Stack的一些查询语句:
①查询filebeat
|
1
|
#curl-XGET'http://localhost:9200/filebeat-*/_search?pretty' |
②查询packetbeat
|
1
|
#curl-XGET'http://localhost:9200/packetbeat-*/_search?pretty' |
③查询metricbeat
|
1
|
#curl-XGET'http://localhost:9200/metricbeat-*/_search?pretty' |
④查询集群健康度
|
1
|
#curl'localhost:9200/_cat/health?v' |
⑤查看节点列表
|
1
2
3
|
#curl'localhost:9200/_cat/nodes?v'ipheap.percentram.percentcpuload_1mload_5mload_15mnode.rolemastername127.0.0.1379330.050.070.41mdi*XVY0Ovb |
⑥列出所有索引
|
1
2
3
4
5
6
7
8
9
10
11
12
|
#curl'localhost:9200/_cat/indices?v'healthstatusindexuuidprirepdocs.countdocs.deletedstore.sizepri.store.sizeyellowopenfilebeat-2016.11.28Mn4MzxdTRaCj9iseutcmqA512012kb12kbyellowopenfilebeat-2016.11.29iMrr710mT42mApxdV62k-A51159065.9kb65.9kbyellowopenpacketbeat-2016.11.29wkTcIwD6RgiiCFwlWBIILA51565201.6mb1.6mbyellowopencustomerNvxXLgHoREefJLRhot13Ug5100800b800byellowopenpacketbeat-2016.11.28Beoe07S7QB-dntNV4nxJNQ5124460676.4kb676.4kbyellowopentestM7WbkYq2QNmeJ9NOyMfMZA5100800b800byellowopenlogstash-2016.11.28pcb_84ChSBe9A7VRd-SQNw511610123.2kb123.2kbyellowopenmetricbeat-2016.11.29AmVeT1xCQGCnxlAFXUxhYw5194459037.6mb37.6mbyellowopenlogstash-2016.11.296PCKMYKCSVmPfdg-Sx2ARA5185772020.3mb20.3mbyellowopen.kibanaQYTg0I5KS-yc3d7GSey3Zw1150102kb102kb |
