ELK之elasticsearch6.5
官方网站:https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html
这里采用rpm的方式安装:
1 | # wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4.rpm |
elasticsearch依赖java环境,于是在安装之前需要配置java:
1 2 | # rpm -ivh jdk-8u191-linux-x64.rpm# java -version |
java环境安装完成后,安装elasticsearch:
1 | # rpm --install elasticsearch-6.5.4.rpm |
elasticsearch的配置文件:
1 2 3 4 5 6 7 8 9 10 11 | [root@node1 ~]# cd /etc/elasticsearch/[root@node1 elasticsearch]# ll总用量 36-rw-rw----. 1 root elasticsearch 207 12月 23 18:04 elasticsearch.keystore-rw-rw----. 1 root elasticsearch 2869 12月 18 05:21 elasticsearch.yml-rw-rw----. 1 root elasticsearch 3266 12月 18 05:21 jvm.options-rw-rw----. 1 root elasticsearch 12423 12月 18 05:21 log4j2.properties-rw-rw----. 1 root elasticsearch 473 12月 18 05:21 role_mapping.yml-rw-rw----. 1 root elasticsearch 197 12月 18 05:21 roles.yml-rw-rw----. 1 root elasticsearch 0 12月 18 05:21 users-rw-rw----. 1 root elasticsearch 0 12月 18 05:21 users_roles |
如果需要修改jvm参数,调整jvm.options这个配置文件就行:默认配置为1g
1 2 3 | [root@node1 elasticsearch]# egrep "^-Xms|^-Xmx" jvm.options -Xms1g-Xmx1g |
现在将elasticsearch做一下简单的配置如下:
1 2 3 4 5 6 7 | [root@node1 elasticsearch]# egrep -v "^$|^#" elasticsearch.yml cluster.name: es 集群的名字node.name: node1 节点的名字path.data: /var/lib/elasticsearch 数据目录path.logs: /var/log/elasticsearch 日志目录network.host: 0.0.0.0 服务监听的iphttp.port: 9200 服务监听的端口 |
然后启动elasticsearch服务:
1 2 3 4 | # systemctl daemon-reload# systemctl enable elasticsearch.service# systemctl start elasticsearch.service# systemctl status elasticsearch.service |
查看监听状态:
1 2 3 4 5 6 7 | [root@node1 elasticsearch]# netstat -tnlpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 968/sshd tcp6 0 0 :::9200 :::* LISTEN 2756/java tcp6 0 0 :::9300 :::* LISTEN 2756/java tcp6 0 0 :::22 :::* LISTEN 968/sshd |
于是单节点的elasticsearch服务配置完成,现在做一些curl的操作,熟悉elasticsearch的一些查询:
1.关于cat API的使用:
1 2 3 4 5 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes"172.16.23.129 32 68 0 0.00 0.04 0.05 mdi * node1[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v"ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name172.16.23.129 28 68 2 0.02 0.07 0.05 mdi * node1 |
由于es集群只有一个节点,所以节点node1也是master节点:
1 2 3 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/master?v"id host ip nodeq95yZ4W4Tj6PaXyzLZZYDQ 172.16.23.129 172.16.23.129 node1 |
然后可以根据指定的字段获取结果:
1 2 3 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v&h=id,ip,port,v,m"id ip port v mq95y 172.16.23.129 9300 6.5.4 * |
指定的字段格式为:h=colume即可:这里的h代表为header
1 2 3 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v&h=ram.percent"ram.percent 69 |
具体header后面可以过滤哪些colume,请查看官网:https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-nodes.html
查看health:
1 2 3 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/health?v"epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent1545561036 10:30:36 es green 1 1 0 0 0 0 0 0 - 100.0% |
elasticsearch下重要的index:
1 2 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/indices?v"health status index uuid pri rep docs.count docs.deleted store.size pri.store.size |
由上面返回结果来看,是没有数据的,表示es这个集群并没有构建索引
2.关于indices API的使用:
2.1创建一个index:
1 | # curl -X PUT "localhost:9200/test1" 创建的索引全部以默认值,默认的shard等等 |
查看这个index:
1 2 3 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/indices?v"health status index uuid pri rep docs.count docs.deleted store.size pri.store.sizeyellow open test1 KqGrTZ7GQv6o5jEQPK-wwA 5 1 0 0 1.1kb 1.1kb |
创建的index拥有默认的shards个数,5个,可以通过将indeices换为shards进行查看
查看索引test1的具体的默认配置,获取索引test1:
1 2 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/test1" {"test1":{"aliases":{},"mappings":{},"settings":{"index":{"creation_date":"1545561578119","number_of_shards":"5","number_of_replicas":"1","uuid":"KqGrTZ7GQv6o5jEQPK-wwA","version":{"created":"6050499"},"provided_name":"test1"}}}}[root@node1 elasticsearch]# |
由于上面的结果不利于查看,于是使用python的json工具转化一下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/test1" |python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 229 100 229 0 0 6870 0 --:--:-- --:--:-- --:--:-- 7387{ "test1": { "aliases": {}, "mappings": {}, "settings": { "index": { "creation_date": "1545561578119", "number_of_replicas": "1", "number_of_shards": "5", "provided_name": "test1", "uuid": "KqGrTZ7GQv6o5jEQPK-wwA", "version": { "created": "6050499" } } } }} |
可以看见上面依然显示不是很友好,有下载的状态,curl的参数-s静默输出:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/test1" -s|python -m json.tool { "test1": { "aliases": {}, "mappings": {}, "settings": { "index": { "creation_date": "1545561578119", "number_of_replicas": "1", "number_of_shards": "5", "provided_name": "test1", "uuid": "KqGrTZ7GQv6o5jEQPK-wwA", "version": { "created": "6050499" } } } }} |
可以看出索引test1的shards数为5个,replicas数为1个等等信息
获取索引test1中结果的某指定字段:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/test1/_settings" -s|python -m json.tool{ "test1": { "settings": { "index": { "creation_date": "1545561578119", "number_of_replicas": "1", "number_of_shards": "5", "provided_name": "test1", "uuid": "KqGrTZ7GQv6o5jEQPK-wwA", "version": { "created": "6050499" } } } }} |
1 2 3 4 5 6 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/test1/_mappings" -s|python -m json.tool{ "test1": { "mappings": {} }} |
2.2删除索引
1 2 | [root@node1 elasticsearch]# curl -X DELETE "localhost:9200/test1"{"acknowledged":true}[root@node1 elasticsearch]# |
3._cluster API查询:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cluster/health" -s |python -m json.tool{ "active_primary_shards": 5, "active_shards": 5, "active_shards_percent_as_number": 50.0, "cluster_name": "es", "delayed_unassigned_shards": 0, "initializing_shards": 0, "number_of_data_nodes": 1, "number_of_in_flight_fetch": 0, "number_of_nodes": 1, "number_of_pending_tasks": 0, "relocating_shards": 0, "status": "yellow", "task_max_waiting_in_queue_millis": 0, "timed_out": false, "unassigned_shards": 5} |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cluster/health/test1" -s |python -m json.tool{ "active_primary_shards": 5, "active_shards": 5, "active_shards_percent_as_number": 50.0, "cluster_name": "es", "delayed_unassigned_shards": 0, "initializing_shards": 0, "number_of_data_nodes": 1, "number_of_in_flight_fetch": 0, "number_of_nodes": 1, "number_of_pending_tasks": 0, "relocating_shards": 0, "status": "yellow", "task_max_waiting_in_queue_millis": 0, "timed_out": false, "unassigned_shards": 5} |
1 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/_cluster/health/test1?level=shards" -s |python -m json.tool |
如果不想-s |python -m json.tool,那么还有一种方式格式化输出:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | [root@node1 elasticsearch]# curl -X GET "localhost:9200/test1?human&pretty"{ "test1" : { "aliases" : { }, "mappings" : { }, "settings" : { "index" : { "creation_date_string" : "2018-12-23T11:04:48.982Z", "number_of_shards" : "5", "provided_name" : "test1", "creation_date" : "1545563088982", "number_of_replicas" : "1", "uuid" : "ZAjj9y_sSPmGz8ZscIXUsA", "version" : { "created_string" : "6.5.4", "created" : "6050499" } } } }} |
需要在后面加上?human&pretty
或者直接在后面加上?pretty:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@master ~]# curl -XGET localhost:9200/_cluster/health?pretty{ "cluster_name" : "estest", "status" : "green", "timed_out" : false, "number_of_nodes" : 3, "number_of_data_nodes" : 3, "active_primary_shards" : 5, "active_shards" : 10, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0} |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· Docker 太简单,K8s 太复杂?w7panel 让容器管理更轻松!