ELK之elasticsearch6.5

官方網站:https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html

這裏採用rpm的方式安裝:

# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4.rpm

 elasticsearch依賴java環境,因而在安裝以前須要配置java:

# rpm -ivh jdk-8u191-linux-x64.rpm
# java -version

 java環境安裝完成後,安裝elasticsearch:

# rpm --install elasticsearch-6.5.4.rpm

 elasticsearch的配置文件:

[root@node1 ~]# cd /etc/elasticsearch/
[root@node1 elasticsearch]# ll
總用量 36
-rw-rw----. 1 root elasticsearch   207 12月 23 18:04 elasticsearch.keystore
-rw-rw----. 1 root elasticsearch  2869 12月 18 05:21 elasticsearch.yml
-rw-rw----. 1 root elasticsearch  3266 12月 18 05:21 jvm.options
-rw-rw----. 1 root elasticsearch 12423 12月 18 05:21 log4j2.properties
-rw-rw----. 1 root elasticsearch   473 12月 18 05:21 role_mapping.yml
-rw-rw----. 1 root elasticsearch   197 12月 18 05:21 roles.yml
-rw-rw----. 1 root elasticsearch     0 12月 18 05:21 users
-rw-rw----. 1 root elasticsearch     0 12月 18 05:21 users_roles

 若是須要修改jvm參數,調整jvm.options這個配置文件就行:默認配置爲1g

[root@node1 elasticsearch]# egrep "^-Xms|^-Xmx" jvm.options 
-Xms1g
-Xmx1g

 如今將elasticsearch作一下簡單的配置以下:

[root@node1 elasticsearch]# egrep -v "^$|^#" elasticsearch.yml 
cluster.name: es                          集羣的名字
node.name: node1                          節點的名字
path.data: /var/lib/elasticsearch         數據目錄
path.logs: /var/log/elasticsearch         日誌目錄
network.host: 0.0.0.0                     服務監聽的ip
http.port: 9200                           服務監聽的端口

 而後啓動elasticsearch服務:

# systemctl daemon-reload
# systemctl enable elasticsearch.service
# systemctl start elasticsearch.service
# systemctl status elasticsearch.service

 查看監聽狀態:

[root@node1 elasticsearch]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      968/sshd            
tcp6       0      0 :::9200                 :::*                    LISTEN      2756/java           
tcp6       0      0 :::9300                 :::*                    LISTEN      2756/java           
tcp6       0      0 :::22                   :::*                    LISTEN      968/sshd

 因而單節點的elasticsearch服務配置完成,如今作一些curl的操做,熟悉elasticsearch的一些查詢:

1.關於cat API的使用:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes"
172.16.23.129 32 68 0 0.00 0.04 0.05 mdi * node1
[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v"
ip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.16.23.129           28          68   2    0.02    0.07     0.05 mdi       *      node1

 因爲es集羣只有一個節點,因此節點node1也是master節點:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/master?v"
id                     host          ip            node
q95yZ4W4Tj6PaXyzLZZYDQ 172.16.23.129 172.16.23.129 node1

 而後能夠根據指定的字段獲取結果:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v&h=id,ip,port,v,m"
id   ip            port v     m
q95y 172.16.23.129 9300 6.5.4 *

 指定的字段格式爲:h=colume便可:這裏的h表明爲header

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/nodes?v&h=ram.percent"
ram.percent
         69

 具體header後面能夠過濾哪些colume,請查看官網:https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-nodes.html

查看health:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/health?v"
epoch      timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1545561036 10:30:36  es      green           1         1      0   0    0    0        0             0                  -                100.0%

 elasticsearch下重要的index:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size

 由上面返回結果來看,是沒有數據的,表示es這個集羣並無構建索引

 

2.關於indices API的使用:

2.1建立一個index:

# curl -X PUT "localhost:9200/test1"        建立的索引所有以默認值,默認的shard等等

 查看這個index:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cat/indices?v"
health status index uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   test1 KqGrTZ7GQv6o5jEQPK-wwA   5   1          0            0      1.1kb          1.1kb

 建立的index擁有默認的shards個數,5個,能夠經過將indeices換爲shards進行查看

查看索引test1的具體的默認配置,獲取索引test1:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/test1" 
{"test1":{"aliases":{},"mappings":{},"settings":{"index":{"creation_date":"1545561578119","number_of_shards":"5","number_of_replicas":"1","uuid":"KqGrTZ7GQv6o5jEQPK-wwA","version":{"created":"6050499"},"provided_name":"test1"}}}}[root@node1 elasticsearch]# 

 因爲上面的結果不利於查看,因而使用python的json工具轉化一下:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/test1" |python -m json.tool 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   229  100   229    0     0   6870      0 --:--:-- --:--:-- --:--:--  7387
{
    "test1": {
        "aliases": {},
        "mappings": {},
        "settings": {
            "index": {
                "creation_date": "1545561578119",
                "number_of_replicas": "1",
                "number_of_shards": "5",
                "provided_name": "test1",
                "uuid": "KqGrTZ7GQv6o5jEQPK-wwA",
                "version": {
                    "created": "6050499"
                }
            }
        }
    }
}

 能夠看見上面依然顯示不是很友好,有下載的狀態,curl的參數-s靜默輸出:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/test1" -s|python -m json.tool 
{
    "test1": {
        "aliases": {},
        "mappings": {},
        "settings": {
            "index": {
                "creation_date": "1545561578119",
                "number_of_replicas": "1",
                "number_of_shards": "5",
                "provided_name": "test1",
                "uuid": "KqGrTZ7GQv6o5jEQPK-wwA",
                "version": {
                    "created": "6050499"
                }
            }
        }
    }
}

 能夠看出索引test1的shards數爲5個,replicas數爲1個等等信息

獲取索引test1中結果的某指定字段:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/test1/_settings" -s|python -m json.tool
{
    "test1": {
        "settings": {
            "index": {
                "creation_date": "1545561578119",
                "number_of_replicas": "1",
                "number_of_shards": "5",
                "provided_name": "test1",
                "uuid": "KqGrTZ7GQv6o5jEQPK-wwA",
                "version": {
                    "created": "6050499"
                }
            }
        }
    }
}

[root@node1 elasticsearch]# curl -X GET "localhost:9200/test1/_mappings" -s|python -m json.tool
{
    "test1": {
        "mappings": {}
    }
}

 2.2刪除索引

[root@node1 elasticsearch]# curl -X DELETE "localhost:9200/test1"
{"acknowledged":true}[root@node1 elasticsearch]#

 

3._cluster API查詢:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cluster/health" -s |python -m json.tool
{
    "active_primary_shards": 5,
    "active_shards": 5,
    "active_shards_percent_as_number": 50.0,
    "cluster_name": "es",
    "delayed_unassigned_shards": 0,
    "initializing_shards": 0,
    "number_of_data_nodes": 1,
    "number_of_in_flight_fetch": 0,
    "number_of_nodes": 1,
    "number_of_pending_tasks": 0,
    "relocating_shards": 0,
    "status": "yellow",
    "task_max_waiting_in_queue_millis": 0,
    "timed_out": false,
    "unassigned_shards": 5
}

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cluster/health/test1" -s |python -m json.tool
{
    "active_primary_shards": 5,
    "active_shards": 5,
    "active_shards_percent_as_number": 50.0,
    "cluster_name": "es",
    "delayed_unassigned_shards": 0,
    "initializing_shards": 0,
    "number_of_data_nodes": 1,
    "number_of_in_flight_fetch": 0,
    "number_of_nodes": 1,
    "number_of_pending_tasks": 0,
    "relocating_shards": 0,
    "status": "yellow",
    "task_max_waiting_in_queue_millis": 0,
    "timed_out": false,
    "unassigned_shards": 5
}

[root@node1 elasticsearch]# curl -X GET "localhost:9200/_cluster/health/test1?level=shards" -s |python -m json.tool

 若是不想-s |python -m json.tool,那麼還有一種方式格式化輸出:

[root@node1 elasticsearch]# curl -X GET "localhost:9200/test1?human&pretty"
{
  "test1" : {
    "aliases" : { },
    "mappings" : { },
    "settings" : {
      "index" : {
        "creation_date_string" : "2018-12-23T11:04:48.982Z",
        "number_of_shards" : "5",
        "provided_name" : "test1",
        "creation_date" : "1545563088982",
        "number_of_replicas" : "1",
        "uuid" : "ZAjj9y_sSPmGz8ZscIXUsA",
        "version" : {
          "created_string" : "6.5.4",
          "created" : "6050499"
        }
      }
    }
  }
}

 須要在後面加上?human&pretty

或者直接在後面加上?pretty:

[root@master ~]# curl -XGET localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "estest",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 5,
  "active_shards" : 10,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}