ELK常見命令

ELK中常見的命令整理如下:

ES
說明:REST API調(diào)用方式為 <REST Verb> /<Index>/<Type>/<ID>

  • 查看ES中的index信息: GET /_cat/indices?v

  • 查看集群的健康狀態(tài): GET /_cat/health?v

  • 查看集群的節(jié)點(diǎn)信息: GET /_cat/nodes?v

  • 創(chuàng)建index:

PUT /customer?pretty
{
  "acknowledged": true,
  "shards_acknowledged": true,
  "index": "customer"
}
PUT /customer/_doc/1?pretty
{
  "name": "xi dada"
}
  • 刪除index:
DELETE /customer?pretty
DELETE /customer/_doc/1?pretty
  • 更新index:
POST /customer/_doc/1/_update?pretty
{
  "doc": {"name":"wang FengFeng", "age":28}
}
POST /customer/_doc/1/_update?pretty
{
  "script": "ctx._source.age += 3"
}
  • 查詢index信息:
    GET /customer/_doc/2?pretty
    GET /kafka-snail/_search?pretty&q=* 某個(gè)index中所有的記錄
  • 復(fù)雜查詢index信息+條件:
GET /bank/_search?q=*&sort=account_number:asc&pretty
GET /bank/_search
{
  "query": { "match_all": {} },
  "sort": [
    { "account_number": "asc" }
  ]
}
// 指定查詢結(jié)果的大小和起始位置
GET /bank/_search
{
  "query": {"match_all": {}},
  "_source": ["account_number","balance"], 
  "sort": [
    { "account_number": "asc" },
    {"balance": "desc"}
  ],
  "from":10,
  "size": 5
}
// 指定多個(gè)查詢條件,包含與、或、非
GET /bank/_search
{
  "query": { 
    "bool": { 
      "must":[
        {"match":{"address":"mill"}},
        {"match":{"gender":"M"}}
      ],
      "must_not":[
        {"match":{"state":"IL"}}
        ],
      "should": [
        {"match": {"city": "Lopezo"}},
        {"match": {"city": "Urie"}}
      ]
    }
  }
}
//使用where條件,限定字段的范圍
GET /bank/_search
{
  "query": {
    "bool": {
      "must": { "match": {"gender":"M"} },
      "filter": {
        "range": {
          "balance": {
            "gte": 20000,
            "lte": 23000
          }
        }
      }
    }
  }
}

// 批量操作
POST /customer/_doc/_bulk?pretty
  {"index":{"_id":"1"}}
  {"name":"John legend"}
  {"index":{"_id":"2"}}
  {"name":"wang jun"}

POST /customer/_doc/_bulk?pretty
{"update":{"_id":"1"}}
{"doc":{"name":"John legend become mengmeng"}}
{"delete":{"_id":"2"}}
  • 按indices查看緩存 GET /_stats/request_cache?human
  • 按節(jié)點(diǎn)查看緩存 GET /_nodes/stats/indices/request_cache?human
  • 清理多個(gè)index的緩存 POST /index1,inex2/_cache/clear?request=true

Logstash:

  • 查看logstash使用的插件信息和版本
    ./bin/logstash-plugin list --verbose
  • 卸載logstash使用的某個(gè)xx插件
    ./bin/logstash-plugin remove xx
  • logstash安裝指定版本的插件
    ./bin/logstash-plugin install --version 8.0.6 xx 例如:./bin/logstash-plugin install --version 8.0.6 logstash-input-kafka
  • 簡(jiǎn)單控制臺(tái)輸入輸出
    ./bin/logstash -e 'input { stdin {}} output { stdout { } }'
  • 配置好Logstash.conf,檢查其配置項(xiàng)
    ./bin/logstash -f logstash.conf --config.test_and_exit
  • 配置好Logstash.conf,檢查其配置項(xiàng)
    ./bin/logstash -f logstash.conf --config.test_and_exit
  • 啟動(dòng)logstash,當(dāng)配置文件修改時(shí),可自動(dòng)加載
    ./bin/logstash -f logstash.conf --config.reload.automatic
  • logstash讀取kafka數(shù)據(jù)存入到ES中的配置kafka-logstash.conf
input {
     kafka {
        bootstrap_servers => "10.194.xxx.yyy:9092,10.xxx.yyy.18:9092,10.xxx.yyy.180:9092"
        auto_offset_reset => "earliest"
        group_id => "logstash23"
    id => "8.0.6"
        client_id => "logstash-5"
        check_crcs => "false"
    topics => ["mda.online"]
        }
}
filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}"}
    }
    geoip {
        source => "clientip"
    }
}
output {
      stdout { }   //會(huì)打印出信息
      elasticsearch {
                hosts => "esIp:9200"
                index => "kafka-snail"
        template_overwrite => true
        } 
}

參考文獻(xiàn)

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容