kibana 索引配置
- 管理索引
點擊設置 --- Elasticsearch 的 Index management 可以查看 elk 生成的所有索引 (設置,Elasticsearch ,管理)
-
配置 kibana 的索引匹配
設置,Kibana,索引模式
-
配置索引生命周期
點擊設置 --- Elasticsearch 的 Index Lifecycle Policies 可以配置策略管理索引生命周期
配置索引策略文檔地址:https://www.elastic.co/guide/en/elasticsearch/reference/7.3/index-lifecycle-management.html
首先創建 Index Lifecycle Policies 也就官方文檔中的四個階段配置
需要說明的是並不是每個階段都是必要配置
配置好生命周期策略后,我們需要創建一個模板,將我們現在的輸入 index 接管過來,然后將策略應用於這個模板,這就達到了,每次創建的 index 都能應用於這一策略
其實最方便的就是將你創建的索引都以 logstash-* 開頭,默認就包含一個名為 logstash 的模板。
查詢當前的模板
# 查詢所有模板
GET /_template/
#查詢其中某一個模板
GET /_template/logstash
{
"logstash" : {
"order" : 0,
"version" : 60001,
"index_patterns" : [
"logstash-*"
],
"settings" : {
"index" : {
"lifecycle" : {
"name" : "watch-history-ilm-policy"
},
"number_of_shards" : "1",
"refresh_interval" : "5s"
}
},
"mappings" : {
"dynamic_templates" : [
{
"message_field" : {
"path_match" : "message",
"mapping" : {
"norms" : false,
"type" : "text"
},
"match_mapping_type" : "string"
}
},
{
"string_fields" : {
"mapping" : {
"norms" : false,
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"match_mapping_type" : "string",
"match" : "*"
}
}
],
"properties" : {
"@timestamp" : {
"type" : "date"
},
"geoip" : {
"dynamic" : true,
"properties" : {
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "half_float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "half_float"
}
}
},
"@version" : {
"type" : "keyword"
}
}
},
"aliases" : { }
}
}
以上的模板接管了 logstash-* 開頭的 index,然后將策略應用於這些 index
如果你不想以 logstash-* 開頭創建索引,你可以先創建個模板參考如下:
PUT /_template/my_template
{
"order" : 0,
"index_patterns" : [
"filebeat_cash-*",
"filebeat_custom-*",
"filebeat_portal-*",
"filebeat_user-*",
"filebeat_hkd-*",
"filebeat_test_custom-*",
"filebeat_test_portal-*",
"filebeat_test_user-*",
"filebeat_test_hkd-*",
"filebeat_test_canal_topic-*"
],
"settings" : {
"index" : {
"number_of_shards" : "1",
"refresh_interval" : "5s"
}
},
"mappings" : {
"dynamic_templates" : [
{
"message_field" : {
"path_match" : "message",
"mapping" : {
"norms" : false,
"type" : "text"
},
"match_mapping_type" : "string"
}
},
{
"string_fields" : {
"mapping" : {
"norms" : false,
"type" : "text",
"fields" : {
"keyword" : {
"ignore_above" : 256,
"type" : "keyword"
}
}
},
"match_mapping_type" : "string",
"match" : "*"
}
}
],
"properties" : {
"@timestamp" : {
"type" : "date"
},
"geoip" : {
"dynamic" : true,
"properties" : {
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "half_float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "half_float"
}
}
},
"@version" : {
"type" : "keyword"
}
}
},
"aliases" : { }
}
以上的模板接管了 filebeat-* 開頭的 index,然后將策略應用於這些 index
現在我們就可以在 index management 里查看索引當前的生命周期狀態
