前言
為了方便ELK的逐步搭建,我們本篇文章先安裝Kibana,然后用Kibana的DevTols執行命令。
也可以安裝elasticsearch-head運行命令。
安裝Kibana
參考Installing Kibana
首先打開 Download Kibana,復制RPM格式的鏈接。
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.4.1-x86_64.rpm sudo rpm --install kibana-6.4.1-x86_64.rpm 更新配置信息
vi /etc/kibana/kibana.yml
將elasticsearch.url: "http://127.0.0.1:9200"
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service sudo systemctl start kibana.service sudo systemctl stop kibana.service sudo systemctl status kibana 狀態信息Active是:active (running) 的時候,就是成功了。
[root@izwz9fwifc2eniq3lbdzmgz /]# systemctl status kibana ● kibana.service - Kibana Loaded: loaded (/etc/systemd/system/kibana.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2018-09-28 18:35:41 CST; 20h ago Main PID: 1474 (node) CGroup: /system.slice/kibana.service └─1474 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml Sep 29 15:23:52 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:23:52Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r...plain, */* Sep 29 15:24:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:24:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r...plain, */* Sep 29 15:24:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:24:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r.../plain, */ Sep 29 15:24:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:24:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r...plain, */* Sep 29 15:25:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:25:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r...plain, */* Sep 29 15:25:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:25:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r.../plain, */ Sep 29 15:25:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:25:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r...plain, */* Sep 29 15:26:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:26:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r...plain, */* Sep 29 15:26:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:26:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r...plain, */* Sep 29 15:26:53 izwz9fwifc2eniq3lbdzmgz kibana[1474]: {"type":"response","@timestamp":"2018-09-29T07:26:53Z","tags":[],"pid":1474,"method":"post","statusCode":200,"r.../plain, */ Hint: Some lines were ellipsized, use -l to show in full. 探索集群
群集健康
要檢查集群運行情況,我們可以使用_catApi工具。通過使用curl或其他HTTP Restful客戶端工具可以執行運行。
[root@XXX /]# curl http://localhost:9200/_cat/health?v epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent 1538204636 15:03:56 elasticsearch yellow 1 1 16 16 0 0 15 0 - 51.6% 或者通過Kibana控制台
image.png
檢查集群時,我們會獲得三個狀態:
- 綠色 - 一切都很好(集群功能齊全)
- 黃色 - 所有數據均可用,但尚未分配一些副本(群集功能齊全)
- 紅色 - 某些數據由於某種原因不可用(群集部分功能)
注意:當群集為紅色時,它將繼續提供來自可用分片的搜索請求,但您可能需要盡快修復它,因為存在未分配的分片
節點
Get /_cat/nodes?v
[root@izwz9fwifc2eniq3lbdzmgz kibana]# curl http://localhost:9200/_cat/nodes 172.18.235.220 12 97 1 0.00 0.01 0.05 mdi * JRtCfH7 這里我們看到JRtCfH7的單節點,它是我們集群中當前的單個節點。
創建索引
利用Kibana的DevTools輸入指令
PUT /best3?pretty
#! Deprecation: the default number of shards will change from [5] to [1] in 7.0.0; if you wish to continue using the default of [5] shards, you must manage this on the create index request or with an index template { "acknowledged": true, "shards_acknowledged": true, "index": "best3" } 列出所有索引
Get /_cat/indices?v
green open .kibana qCbYeswVT2WCogz_E9Y3Ag 1 0 1 0 4kb 4kb yellow open index 3BGZ895tTNa8qtM_nA3YmA 5 1 1 0 4.4kb 4.4kb yellow open customer2 VyIXSBK6R9yHNYNDlsni3A 5 1 0 0 1.2kb 1.2kb yellow open customerc Nbglz5hbRO28jyt_XyPNTA 5 1 1 0 4.5kb 4.5kb yellow open cust xuYth97RShixNtgNpbyxBA 5 1 1 0 4.4kb 4.4kb yellow open customer x57uWBR3Rg-w2_Dz7Djduw 5 1 1 0 4.5kb 4.5kb yellow open customerf osKgtSLxTPKblJW7mrmO0Q 5 1 1 0 5.1kb 5.1kb yellow open customerb 80DoY8e3RtinVNV4VGU4Cg 5 1 1 0 4.5kb 4.5kb yellow open customer3 101ZzeNmRuCn9d_NOx5oZg 5 1 0 0 1.2kb 1.2kb yellow open customere p2BWLci9Qz-1VnOh0vSSQA 5 1 2 0 7.6kb 7.6kb yellow open best3 1PDN1mjCTCuq3zfHu2kA0g 5 1 0 0 1.1kb 1.1kb 索引和查詢文檔
Elasticsearch在您將文檔編入索引之前不需要先顯式創建索引,如果索引不存在,則會自動創建索引。
我們創建一個簡單的文檔,索引到best3索引中,Id為1,如下:
PUT /best3/_doc/1?pretty
{
"name": "John Doe"
}
返回:
{
"_index": "best3", "_type": "_doc", "_id": "1", "_version": 1, "result": "created", "_shards": { "total": 2, "successful": 1, "failed": 0 }, "_seq_no": 0, "_primary_term": 1 } 查詢:
GET /best3/_doc/1?
返回:
{
"_index": "best3", "_type": "_doc", "_id": "1", "_version": 1, "found": true, "_source": { "name": "John Doe" } } 刪除索引
DELETE /best3?pretty
GET /_cat/indices?v
返回:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size green open .kibana qCbYeswVT2WCogz_E9Y3Ag 1 0 1 0 4kb 4kb yellow open index 3BGZ895tTNa8qtM_nA3YmA 5 1 1 0 4.4kb 4.4kb yellow open customer2 VyIXSBK6R9yHNYNDlsni3A 5 1 0 0 1.2kb 1.2kb yellow open customerc Nbglz5hbRO28jyt_XyPNTA 5 1 1 0 4.5kb 4.5kb yellow open cust xuYth97RShixNtgNpbyxBA 5 1 1 0 4.4kb 4.4kb yellow open customer x57uWBR3Rg-w2_Dz7Djduw 5 1 1 0 4.5kb 4.5kb yellow open customerf osKgtSLxTPKblJW7mrmO0Q 5 1 1 0 5.1kb 5.1kb yellow open customerb 80DoY8e3RtinVNV4VGU4Cg 5 1 1 0 4.5kb 4.5kb yellow open customer3 101ZzeNmRuCn9d_NOx5oZg 5 1 0 0 1.2kb 1.2kb yellow open customere p2BWLci9Qz-1VnOh0vSSQA 5 1 2 0 7.6kb 7.6kb 修改數據
使用Put指定相同的ID時,Es會用新數據覆蓋原有數據。不同ID時,則會對新文檔編制索引,並且索引中已有的現有文檔保持不變。
不指定ID時,需要使用Post,Es會自動生成隨機ID。
POST /best3/_doc?pretty
{
"name": "Jane Doe"
}
更新文檔
POST /best3/_doc/1/_update?pretty
{
"doc": { "name": "Jane Doe", "age": 20 }
}
根據腳本更新
POST /best3/_doc/1/_update?pretty
{
"script" : "ctx._source.age += 5"
}
刪除文檔
DELETE /best3/_doc/2?pretty
批量處理
POST /best3/_doc/_bulk?pretty
{"index":{"_id":"1"}}
{"name": "John Doe" }
{"index":{"_id":"2"}}
{"name": "Jane Doe" }
參考批量處理
總結
本篇依據官網,實踐集群的基本命令。感謝觀看。有興趣的朋友,可以在 http://www.weixinhe.cn:5601 試驗。