查询elasticsearch索引日志条数

只是用来记录一些简单的报警脚本

看看就行

]# cat es_index_count.sh 
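PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# NOTE(review): the script as posted hard-codes the password of the built-in
# `elastic` superuser and hands it to curl as an argument over plain HTTP.
# A _count query only needs read access to the matching indices, so a
# dedicated read-only account supplied through ES_AUTH (user:password) is the
# better fit. The posted value stays as the default so behaviour under cron is
# unchanged.
ES_AUTH=${ES_AUTH:-elastic:elk_123}

#######################################
# Count the documents one host shipped in the last 15 minutes and raise an
# alert when the count is zero.
# Globals:   ES_AUTH (read)
# Arguments: $1 - index pattern, e.g. "dhger-*"
#            $2 - agent.hostname value to match
#            $3 - file that receives the raw _count response
#            $4 - service label used in the alert text
# Outputs:   the count on stdout when an alert fires; diagnostics on stderr
# Returns:   0 when the count was read, 1 when the query or parsing failed
#######################################
check_index_count() {
  local index=$1 host=$2 out=$3 label=$4
  local count

  # The host value is spliced into the JSON body unescaped. That is fine for
  # the fixed names used below; do not pass values from outside the script
  # through here without escaping them first.
  if ! curl -u "$ES_AUTH" -X GET "http://127.0.0.1:9200/${index}/_count" \
    -H 'Content-Type: application/json' -d '
{
  "query": {
    "bool": {
      "must": [],
      "filter": [
        { "match_phrase":
        {"agent.hostname.keyword": {"query": "'"$host"'" }
        }
        },
        {"range": {
            "@timestamp": {"from": "now-15m"}
        }
        }
      ]
    }
  }
}' > "$out"; then
    printf 'es_index_count: query for %s (%s) failed\n' "$host" "$index" >&2
    return 1
  fi

  # The response looks like {"count":N,...}; field 2 on ':' / ',' is N.
  count=$(awk -F '[:,]' 'NR == 1 {print $2; exit}' "$out")

  # An error body (bad credentials, missing index) or an empty file yields a
  # non-numeric value. Report it instead of letting the numeric test fail
  # quietly, otherwise a broken check looks the same as a healthy one.
  case $count in
    '' | *[!0-9]*)
      printf 'es_index_count: unexpected response for %s, see %s\n' \
        "$host" "$out" >&2
      return 1
      ;;
  esac

  if [ "$count" -eq 0 ]; then
    # Previous alert hook, disabled in the original script:
    #/bin/bash /soft/alert.sh "<label>-$host" "$count"
    /usr/bin/python /soft/python3 "$(date +%H:%M) ${label}服务 $host" "$count"
    sleep 10
    printf '%s\n' "$count"
  fi
  return 0
}

# The two dhger servers.
for i in 2008 2008-2; do
  check_index_count 'dhger-*' "$i" "/soft/ecc-${i}.txt" dhger
done

# The two dher servers.
# The original wrote the response to /soft/signer-<host>.txt but parsed
# /soft/dher-<host>.txt, so the count was never read from the fresh response;
# the same file is now used for both steps.
for i in dh-2008 ct-2008-2; do
  check_index_count 'dher-*' "$i" "/soft/signer-${i}.txt" siger
done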
You have mail in /var/spool/mail/root

配置定时任务

*/5 8-19 * * * /bin/bash  /soft/es_index_count.sh &>/var/es_count.log