{"id":1736,"date":"2018-09-11T21:13:19","date_gmt":"2018-09-11T13:13:19","guid":{"rendered":"https:\/\/yanjingang.com\/blog\/?p=1736"},"modified":"2025-03-31T22:25:42","modified_gmt":"2025-03-31T14:25:42","slug":"elasticsearch-%e6%9d%83%e5%a8%81%e6%8c%87%e5%8d%97","status":"publish","type":"post","link":"https:\/\/yanjingang.com\/blog\/?p=1736","title":{"rendered":"\u5c0f\u732a\u6559\u4f60\u642d\u5efaES ELK(Elasticsearch\/Logstash\/Kibana)"},"content":{"rendered":"

Elasticsearch \u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u3001\u53ef\u6269\u5c55\u3001\u5b9e\u65f6\u7684\u641c\u7d22\u4e0e\u6570\u636e\u5206\u6790\u5f15\u64ce\u3002\u5b83\u4e0d\u4ec5\u4ec5\u53ea\u662f\u5168\u6587\u641c\u7d22\uff0c\u8fd8\u652f\u6301\u7ed3\u6784\u5316\u641c\u7d22\u3001\u6570\u636e\u5206\u6790\u3001\u590d\u6742\u7684\u8bed\u8a00\u5904\u7406\u3001\u5730\u7406\u4f4d\u7f6e\u548c\u5bf9\u8c61\u95f4\u5173\u8054\u5173\u7cfb\u7b49\uff0c\u540c\u65f6\u5177\u5907\u6c34\u5e73\u4f38\u7f29\u6027\u548c\u96c6\u7fa4\u76d1\u63a7\u7b49\u5b8c\u5907\u7684\u529f\u80fd\u3002<\/p>\n

ES\u5e38\u89c1\u7ec4\u5408\u88ab\u79f0\u4e3aELKF\uff0c\u4ed6\u4eec\u5206\u522b\u662f\uff1a<\/p>\n

\uff081\uff09Elasticsearch\uff1a\u5f00\u6e90\u5206\u5e03\u5f0f\u641c\u7d22\u5f15\u64ce\uff0c\u63d0\u4f9b\u641c\u96c6\u3001\u5206\u6790\u3001\u5b58\u50a8\u6570\u636e\u4e09\u5927\u529f\u80fd\u3002\u5b83\u7684\u7279\u70b9\u6709\uff1a\u5206\u5e03\u5f0f\uff0c\u96f6\u914d\u7f6e\uff0c\u81ea\u52a8\u53d1\u73b0\uff0c\u7d22\u5f15\u81ea\u52a8\u5206\u7247\uff0c\u7d22\u5f15\u526f\u672c\u673a\u5236\uff0crestful\u98ce\u683c\u63a5\u53e3\uff0c\u591a\u6570\u636e\u6e90\uff0c\u81ea\u52a8\u641c\u7d22\u8d1f\u8f7d\u7b49\u3002<\/p>\n

\uff082\uff09Logstash \uff1a\u4e3b\u8981\u662f\u7528\u6765\u65e5\u5fd7\u7684\u641c\u96c6\u3001\u5206\u6790\u3001\u8fc7\u6ee4\u65e5\u5fd7\u7684\u5de5\u5177\uff0c\u652f\u6301\u5927\u91cf\u7684\u6570\u636e\u83b7\u53d6\u65b9\u5f0f\u3002\u4e00\u822c\u5de5\u4f5c\u65b9\u5f0f\u4e3ac\/s\u67b6\u6784\uff0cclient\u7aef\u5b89\u88c5\u5728\u9700\u8981\u6536\u96c6\u65e5\u5fd7\u7684\u4e3b\u673a\u4e0a\uff0cserver\u7aef\u8d1f\u8d23\u5c06\u6536\u5230\u7684\u5404\u8282\u70b9\u65e5\u5fd7\u8fdb\u884c\u8fc7\u6ee4\u3001\u4fee\u6539\u7b49\u64cd\u4f5c\u5728\u4e00\u5e76\u53d1\u5f80elasticsearch\u4e0a\u53bb\u3002Logstash\u4e8b\u4ef6\u5904\u7406\u6709\u4e09\u4e2a\u9636\u6bb5\uff1ainputs \u2192 filters \u2192 outputs\u3002\u662f\u4e00\u4e2a\u63a5\u6536\uff0c\u5904\u7406\uff0c\u8f6c\u53d1\u65e5\u5fd7\u7684\u5de5\u5177\u3002\u652f\u6301\u7cfb\u7edf\u65e5\u5fd7\uff0cwebserver\u65e5\u5fd7\uff0c\u9519\u8bef\u65e5\u5fd7\uff0c\u5e94\u7528\u65e5\u5fd7\uff0c\u603b\u4e4b\u5305\u62ec\u6240\u6709\u53ef\u4ee5\u629b\u51fa\u6765\u7684\u65e5\u5fd7\u7c7b\u578b\u3002<\/p>\n

\"\"<\/a><\/p>\n

\uff083\uff09Kibana\uff1a\u7528\u4e8e\u4e3a Logstash \u548c ElasticSearch \u63d0\u4f9b\u53cb\u597d\u7684\u65e5\u5fd7\u5206\u6790 Web \u754c\u9762\uff0c\u53ef\u4ee5\u5e2e\u52a9\u6c47\u603b\u3001\u5206\u6790\u548c\u641c\u7d22\u91cd\u8981\u6570\u636e\u65e5\u5fd7\u3002<\/p>\n

\uff084\uff09Filebeat\uff1a\u641c\u96c6\u6587\u4ef6\u6570\u636e\u7684\u5de5\u5177\u3002Filebeat\u7531\u4e24\u4e2a\u4e3b\u8981\u7ec4\u4ef6\u7ec4Prospectors \u548c Harvesters\u3002<\/span>Prospector\uff08\u52d8\u6d4b\u8005\uff09\u8d1f\u8d23\u7ba1\u7406Harvester\u5e76\u627e\u5230\u6240\u6709\u8bfb\u53d6\u6e90\u6587\u4ef6\u3002Harvester\uff08\u6536\u5272\u673a\uff09\uff1a\u8d1f\u8d23\u8bfb\u53d6\u5355\u4e2a\u6587\u4ef6\u5185\u5bb9\u3002<\/p>\n

\"\"<\/a><\/p>\n

\u5b98\u65b9\u6587\u6863\uff1a<\/p>\n

Filebeat\uff1a
\nhttps:\/\/www.elastic.co\/cn\/products\/beats\/filebeat
\nhttps:\/\/www.elastic.co\/guide\/en\/beats\/filebeat\/5.6\/index.html<\/p>\n

Logstash\uff1a
\nhttps:\/\/www.elastic.co\/cn\/products\/logstash
\nhttps:\/\/www.elastic.co\/guide\/en\/logstash\/5.6\/index.html<\/p>\n

Kibana:
\nhttps:\/\/www.elastic.co\/cn\/products\/kibana
\nhttps:\/\/www.elastic.co\/guide\/en\/kibana\/5.5\/index.html<\/p>\n

Elasticsearch\uff1a
\nhttps:\/\/www.elastic.co\/cn\/products\/elasticsearch
\nhttps:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/5.6\/index.html<\/p>\n

elasticsearch\u4e2d\u6587\u793e\u533a\uff1a
\nhttps:\/\/elasticsearch.cn\/<\/p>\n

\u5e38\u89c1\u7684ELK\u67b6\u6784\uff1a<\/strong><\/p>\n

\u67b6\u6784\u56fe\u4e00\uff1a<\/p>\n

\"\"<\/a><\/p>\n

\u8fd9\u662f\u6700\u7b80\u5355\u7684\u4e00\u79cdELK\u67b6\u6784\u65b9\u5f0f\u3002\u4f18\u70b9\u662f\u642d\u5efa\u7b80\u5355\uff0c\u6613\u4e8e\u4e0a\u624b\u3002\u7f3a\u70b9\u662fLogstash\u8017\u8d44\u6e90\u8f83\u5927\uff0c\u8fd0\u884c\u5360\u7528CPU\u548c\u5185\u5b58\u9ad8\u3002\u53e6\u5916\u6ca1\u6709\u6d88\u606f\u961f\u5217\u7f13\u5b58\uff0c\u5b58\u5728\u6570\u636e\u4e22\u5931\u9690\u60a3\u3002<\/p>\n

\u6b64\u67b6\u6784\u7531Logstash\u5206\u5e03\u4e8e\u5404\u4e2a\u8282\u70b9\u4e0a\u641c\u96c6\u76f8\u5173\u65e5\u5fd7\u3001\u6570\u636e\uff0c\u5e76\u7ecf\u8fc7\u5206\u6790\u3001\u8fc7\u6ee4\u540e\u53d1\u9001\u7ed9\u8fdc\u7aef\u670d\u52a1\u5668\u4e0a\u7684Elasticsearch\u8fdb\u884c\u5b58\u50a8\u3002Elasticsearch\u5c06\u6570\u636e\u4ee5\u5206\u7247\u7684\u5f62\u5f0f\u538b\u7f29\u5b58\u50a8\u5e76\u63d0\u4f9b\u591a\u79cdAPI\u4f9b\u7528\u6237\u67e5\u8be2\uff0c\u64cd\u4f5c\u3002\u7528\u6237\u4ea6\u53ef\u4ee5\u66f4\u76f4\u89c2\u7684\u901a\u8fc7\u914d\u7f6eKibana Web\u65b9\u4fbf\u7684\u5bf9\u65e5\u5fd7\u67e5\u8be2\uff0c\u5e76\u6839\u636e\u6570\u636e\u751f\u6210\u62a5\u8868\u3002<\/p>\n

\u67b6\u6784\u56fe\u4e8c\uff1a<\/p>\n

\"\"<\/a><\/p>\n

\u6b64\u79cd\u67b6\u6784\u5f15\u5165\u4e86\u6d88\u606f\u961f\u5217\u673a\u5236\uff0c\u4f4d\u4e8e\u5404\u4e2a\u8282\u70b9\u4e0a\u7684Logstash Agent\u5148\u5c06\u6570\u636e\/\u65e5\u5fd7\u4f20\u9012\u7ed9Kafka\uff08\u6216\u8005Redis\uff09\uff0c\u5e76\u5c06\u961f\u5217\u4e2d\u6d88\u606f\u6216\u6570\u636e\u95f4\u63a5\u4f20\u9012\u7ed9Logstash\uff0cLogstash\u8fc7\u6ee4\u3001\u5206\u6790\u540e\u5c06\u6570\u636e\u4f20\u9012\u7ed9Elasticsearch\u5b58\u50a8\u3002\u6700\u540e\u7531Kibana\u5c06\u65e5\u5fd7\u548c\u6570\u636e\u5448\u73b0\u7ed9\u7528\u6237\u3002\u56e0\u4e3a\u5f15\u5165\u4e86Kafka\uff08\u6216\u8005Redis\uff09,\u6240\u4ee5\u5373\u4f7f\u8fdc\u7aefLogstash server\u56e0\u6545\u969c\u505c\u6b62\u8fd0\u884c\uff0c\u6570\u636e\u5c06\u4f1a\u5148\u88ab\u5b58\u50a8\u4e0b\u6765\uff0c\u4ece\u800c\u907f\u514d\u6570\u636e\u4e22\u5931\u3002<\/p>\n

\u67b6\u6784\u56fe\u4e09\uff1a<\/p>\n

\"\"<\/a><\/p>\n

\u6b64\u79cd\u67b6\u6784\u5c06\u6536\u96c6\u7aeflogstash\u66ff\u6362\u4e3abeats\uff0c\u66f4\u7075\u6d3b\uff0c\u6d88\u8017\u8d44\u6e90\u66f4\u5c11\uff0c\u6269\u5c55\u6027\u66f4\u5f3a\u3002\u540c\u65f6\u53ef\u914d\u7f6eLogstash \u548cElasticsearch \u96c6\u7fa4\u7528\u4e8e\u652f\u6301\u5927\u96c6\u7fa4\u7cfb\u7edf\u7684\u8fd0\u7ef4\u65e5\u5fd7\u6570\u636e\u76d1\u63a7\u548c\u67e5\u8be2\u3002<\/p>\n

beats\u5305\u542b\uff1a<\/p>\n

    \n
  1. \n
      \n
    1. \n
        \n
      1. \n
          \n
        1. \n
            \n
          1. Filebeat\uff08\u641c\u96c6\u6587\u4ef6\u6570\u636e\uff09<\/li>\n
          2. Topbeat\uff08\u641c\u96c6\u7cfb\u7edf\u3001\u8fdb\u7a0b\u548c\u6587\u4ef6\u7cfb\u7edf\u7ea7\u522b\u7684 CPU \u548c\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u7b49\u6570\u636e\uff09<\/li>\n
          3. Packetbeat\uff08\u641c\u96c6\u7f51\u7edc\u6d41\u91cf\u6570\u636e\uff09<\/li>\n
          4. Winlogbeat\uff08\u641c\u96c6 Windows \u4e8b\u4ef6\u65e5\u5fd7\u6570\u636e\uff09<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

             <\/p>\n

            \u4e0b\u9762\u4f7f\u7528\u201c\u67b6\u6784\u56fe\u4e00\u201d\u7684\u67b6\u6784\u65b9\u5f0f\u7ed9\u5927\u5bb6\u8bb2\u89e3\u4e00\u4e0b\u642d\u5efa\u548c\u4f7f\u7528\u5355\u4e2aes\u8282\u70b9\u7684\u8fc7\u7a0b\u3002<\/p>\n

             <\/p>\n

            \u4e00\u3001\u5b89\u88c5ELK<\/h1>\n

            \u5b98\u7f51\uff1ahttps:\/\/www.elastic.co\/cn\/downloads\/<\/a><\/p>\n

            1.\u901a\u8fc7yum\u5b89\u88c5ES\r\nsudo vim \/etc\/yum.repos.d\/elasticsearch.repo \r\n  [elasticsearch-7.x]\r\n  name=Elasticsearch repository for 7.x packages\r\n  baseurl=https:\/\/artifacts.elastic.co\/packages\/7.x\/yum\r\n  gpgcheck=1\r\n  gpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\r\n  enabled=1\r\n  autorefresh=1\r\n  type=rpm-md\r\n\r\nsudo yum install elasticsearch kibana logstash\r\n\r\n2.\u901a\u8fc7\u624b\u5de5\u5b89\u88c5\r\n# elasticsearch\r\nwget https:\/\/artifacts.elastic.co\/downloads\/elasticsearch\/elasticsearch-7.2.0-linux-x86_64.tar.gz\r\ntar zxvf elasticsearch-7.2.0-linux-x86_64.tar.gz\r\nmv elasticsearch-7.2.0 elasticsearch\r\ncd elasticsearch\r\n\r\n# logstash: \u4e00\u4e2a\u5f00\u6e90\u7684\u65e5\u5fd7\u6536\u96c6\u7ba1\u7406\u5de5\u5177\r\nwget https:\/\/artifacts.elastic.co\/downloads\/logstash\/logstash-7.2.0.tar.gz\r\ntar zxvf logstash-7.2.0.tar.gz \r\nmv logstash-7.2.0 logstash\r\n\r\n# kibana: \u4e00\u4e2a\u5f00\u6e90\u7684\u5206\u6790\u548c\u53ef\u89c6\u5316\u5e73\u53f0\r\nwget https:\/\/artifacts.elastic.co\/downloads\/kibana\/kibana-7.2.0-linux-x86_64.tar.gz\r\ntar zxvf kibana-7.2.0-linux-x86_64.tar.gz\r\nmv kibana-7.2.0-linux-x86_64 kibana\r\n\r\n# filebeat: \u641c\u96c6\u6587\u4ef6\u6570\u636e\u7684\u5de5\u5177\r\nwget https:\/\/artifacts.elastic.co\/downloads\/beats\/filebeat\/filebeat-7.2.1-linux-x86_64.tar.gz\r\ntar zxvf filebeat-7.2.1-linux-x86_64.tar.gz\r\nmv filebeat-7.2.1-linux-x86_64 filebeat\r\n<\/code><\/pre>\n
             <\/p>\n
            \u4e8c\u3001\u914d\u7f6e\/\u542f\u52a8ES<\/h1>\n
            1.\u8bbe\u7f6e\r\ncd elasticsearch\r\nvim config\/elasticsearch.yml\r\n  cluster.name: mars         #\u96c6\u7fa4\u540d\r\n  node.name: node-1          #\u8282\u70b9\u540d\r\n  network.host: 0.0.0.0      #\u5bf9\u5916ip\r\n  cluster.initial_master_nodes: [\"node-1\"]  #\u8282\u70b9\u53d1\u73b0\r\n  http.port: 9200            #http\u7aef\u53e3\r\n  # \u68c0\u7d22API\u670d\u52a1\u7684\u8de8\u57df\u914d\u7f6e\r\n  http.cors.enabled: true\r\n  http.cors.allow-origin: \"*\"\r\n  http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE\r\n  http.cors.allow-headers: Content-Type,Accept,Authorization,x-requested-with\r\n\r\nsudo vim \/etc\/sysctl.conf\r\n  vm.max_map_count=262144   #jvm\u6700\u5927\u7ebf\u7a0b\u6570(\u9ed8\u8ba4\u4e3a65530)\r\nsudo vim \/etc\/security\/limits.conf \r\n  * soft nofile 65536\r\n  * hard nofile 65536\r\nsudo vim \/etc\/security\/limits.d\/90-nproc.conf \r\n  *          soft    nproc     4096\r\n\r\nsysctl -p    #\u91cd\u65b0\u52a0\u8f7d\u5185\u6838\u914d\u7f6e\r\n\r\n2.\u542f\u52a8\r\n.\/bin\/elasticsearch -d\r\n*\u6ce8\uff1a\u5982\u679c\u542f\u52a8\u4e0d\u6210\u529f\uff0c\u67e5\u770btail logs\/mars.log\u00a0\r\n\r\n3.\u6d4b\u8bd5\r\ncurl 127.0.0.1:9200 # \u6216curl 47.92.25.83:9200\r\n  {\r\n    \"name\" : \"node-1\",\r\n    \"cluster_name\" : \"mars\",\r\n    \"cluster_uuid\" : \"-w0zaSbWTweFFQiL4aYnIA\",\r\n    \"version\" : {\r\n      \"number\" : \"7.2.0\",\r\n      \"build_flavor\" : \"default\",\r\n      \"build_type\" : \"tar\",\r\n      \"build_hash\" : \"508c38a\",\r\n      \"build_date\" : \"2019-06-20T15:54:18.811730Z\",\r\n      \"build_snapshot\" : false,\r\n      \"lucene_version\" : \"8.0.0\",\r\n      \"minimum_wire_compatibility_version\" : \"6.8.0\",\r\n      \"minimum_index_compatibility_version\" : \"6.0.0-beta1\"\r\n    },\r\n    \"tagline\" : \"You Know, for Search\"\r\n  }\r\n4.\u8bbe\u7f6e\u5bc6\u7801\r\nvim config\/elasticsearch.yml\r\n  xpack.security.enabled: true  #\u5f00\u542f\u5b89\u5168\u8ba4\u8bc1\r\n  xpack.security.transport.ssl.enabled: true  #\u5f00\u542fssl\r\n.\/bin\/elasticsearch-setup-passwords interactive\r\n\u00a0   Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.\r\n    You will be prompted to enter passwords as the process progresses.\r\n    Please confirm that you would like to continue [y\/N]y\r\n\r\n    Enter password for [elastic]: \r\n    Reenter password for [elastic]: \r\n    Enter password for [apm_system]: \r\n    Reenter password for [apm_system]: \r\n    Enter password for [kibana]: \r\n    Reenter password for [kibana]: \r\n    Enter password for [logstash_system]: \r\n    Reenter password for [logstash_system]: \r\n    Enter password for [beats_system]: \r\n    Reenter password for [beats_system]: \r\n    Enter password for [remote_monitoring_user]: \r\n    Reenter password for [remote_monitoring_user]: \r\n    Changed password for user [apm_system]\r\n    Changed password for user [kibana]\r\n    Changed password for user [logstash_system]\r\n    Changed password for user [beats_system]\r\n    Changed password for user [remote_monitoring_user]\r\n    Changed password for user [elastic]\r\n    *\u6ce8\uff1a\u8fd9\u91cc\u7edf\u4e00\u8bbe\u7f6e\u6210\u4e86r1\r\n\r\n5.\u91cd\u542f\r\nps aux | grep elasticsearch |grep -v grep| cut -c 9-15 | xargs kill -9\r\n.\/bin\/elasticsearch -d\r\n*\u6ce8\uff1a\u5982\u679c\u542f\u52a8\u4e0d\u6210\u529f\uff0c\u67e5\u770btail logs\/mars.log \r\n\r\n6.\u7528\u6d4f\u89c8\u5668\u8bbf\u95ee\u4f1a\u63d0\u793a\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\r\nhttp:\/\/yanjingang.com:9200\/\r\nelastic\/r1\r\n\r\n<\/code><\/pre>\n
            \"\"<\/a><\/p>\n
             <\/p>\n
            \u4e09\u3001\u914d\u7f6e\/\u542f\u52a8Kibana<\/h1>\n
            1.\u914d\u7f6e\r\nvim kibana\/config\/kibana.yml\r\n    server.port: 5601\r\n    server.host: \"0.0.0.0\"\r\n    elasticsearch.hosts: [\"http:\/\/localhost:9200\"]\r\n    elasticsearch.username: \"elastic\"\r\n    elasticsearch.password: \"r1\"\r\n\r\n2.\u542f\u52a8kibana\r\nnohup .\/kibana\/bin\/kibana > logs\/kibana.log &\r\n\r\n3.\u8bbf\u95ee\r\nhttp:\/\/yanjingang.com:5601\/\r\nelastic\/ri\r\n\r\n<\/code><\/pre>\n
            \"\"<\/a><\/p>\n
            <\/h3>\n
            \u56db\u3001\u6d4b\u8bd5EK<\/h1>\n
            \u4e3b\u9762\u677f\uff0c\u53ef\u4ee5\u901a\u8fc7\u76d1\u542cnginx\/apache\/mysql\/pgsql\/kafka\/redis\u65e5\u5fd7\uff08\u901a\u8fc7Filebeat tail send\uff09\u3001\u4e0a\u4f20csv\/json\u6587\u4ef6\u3001\u6dfb\u52a0\u793a\u4f8b\u6570\u636e\u7b49\u704c\u5165\u6570\u636e\uff1a<\/p>\n
            \"\"<\/a><\/p>\n
            1.\u6dfb\u52a0\u4e86\u98de\u884c\u6570\u636e\u548cweb\u65e5\u5fd7\u793a\u4f8b\u6570\u636e\u7528\u4e8e\u6d4b\u8bd5\uff1a<\/h4>\n
            \"\"<\/a><\/p>\n
            \"\"<\/a><\/p>\n
            2.\u68c0\u7d22\u76ee\u7684\u5730\u662f\u6674\u5929\u4e14\u673a\u7968\u4ef7\u683c<200\u7684\u4e2d\u56fd\u822a\u73ed\uff1a<\/h4>\n
            \"\"<\/a><\/p>\n
            *\u6ce8\uff1a\u67e5\u8be2\u8868\u8fbe\u5f0f\u7528Lucene\u683c\u5f0f\u522b\u4f7f\u7528KQL\uff0cKQL\u592a\u4e0d\u7075\u6d3b\u3002<\/p>\n
            3.\u521b\u5efa\u4e2d\u56fd\u822a\u73ed\u4ef7\u683c\u533a\u95f4\u5206\u6790\u62a5\u8868\uff1a<\/h4>\n
            \u70b9\u51fb\u201cVisualize->Create new visualization\u201d\uff0c\u5728\u5f39\u51fa\u7684\u62a5\u8868\u7c7b\u578b\u4e0a\u9009\u62e9\u201cPie\u201d\u997c\u56fe\uff0c\u5e76\u9009\u62e9\u201ckibana_sample_data_flights\u201d\u98de\u884c\u6570\u636e\u6e90<\/p>\n
            \"\"<\/a><\/p>\n
            \"\"<\/a><\/p>\n
            \u8f93\u5165\u67e5\u8be2CN\u6761\u4ef6\uff0c\u6dfb\u52a0\u8981\u5206\u6790\u7684\u4ef7\u683c\u5206\u5272\u533a\u95f4\uff0c\u70b9\u51fb\u4e09\u89d2\u64ad\u653e\u7bad\u5934\uff0c\u5373\u53ef\u770b\u5230\u5206\u6790\u62a5\u8868\uff0c\u70b9\u51fbsave\u4fdd\u5b58\u5373\u53ef\u3002<\/p>\n
            \"\"<\/a><\/p>\n
            4.\u4e3a\u822a\u73ed\u4ef7\u683c\u62a5\u8868\u6dfb\u52a0\u56fd\u5bb6\u7b5b\u9009\u6761\u4ef6\uff1a<\/h4>\n
            4.1 \u521b\u5efa\u4e0b\u62c9\u63a7\u4ef6\uff1a<\/p>\n
            \u70b9\u51fb\u201cVisualize->Create new visualization\u201d\uff0c\u5728\u5f39\u51fa\u7684\u62a5\u8868\u7c7b\u578b\u4e0a\u9009\u62e9\u201cControls\u201d\u63a7\u4ef6\uff0c\u5728\u63a7\u4ef6\u7f16\u8f91\u754c\u9762\u9009\u62e9\u201cOptions list\u201d\u540e\u70b9\u51fb\u201cAdd\u201d\uff0c\u9009\u62e9\u5bf9\u5e94\u7684\u6570\u636e\u6e90\u548c\u5b57\u6bb5\u540e\u5237\u65b0\u5373\u53ef\u770b\u5230\u6548\u679c\uff0c\u7136\u540e\u4fdd\u5b58\u5373\u53ef\u3002<\/p>\n
            \"\"<\/a><\/p>\n
            4.2 \u628aControls\u4e0b\u62c9\u63a7\u4ef6\u548cPie\u62a5\u8868\u653e\u5230\u4e00\u4e2aDashboard\u770b\u677f\u91cc\uff1a<\/p>\n
            \u70b9\u51fb\u201cDashboard->Create new dashboard\u201d\uff0c\u70b9\u51fb\u201cAdd\u201d\u6309\u94ae\u9009\u62e9Visualize\uff08\u822a\u73ed\u59cb\u53d1\u5730\u56fd\u5bb6\u4e0b\u62c9\u63a7\u4ef6 \u3001\u822a\u73ed\u4ef7\u683c\u5206\u5e03\u8868\uff09\uff0c\u5728\u770b\u677f\u9875\u9762\u7f16\u8f91\u6837\u5f0f\uff0c\u7136\u540e\u4fdd\u5b58\u5373\u53ef\u3002<\/p>\n
            \"\"<\/a><\/p>\n
            4.3 \u5176\u4ed6<\/p>\n
            \u6dfb\u52a0\u793a\u4f8b\u6570\u636e\u540e\u4f1a\u6709\u5f88\u591a\u793a\u4f8b\u62a5\u8868\uff0c\u53ef\u4ee5\u652f\u6301\u8868\u683c\u3001\u5750\u6807\u5730\u56fe\u3001\u70ed\u56fe\u3001\u67f1\u72b6\u56fe\u3001\u6298\u7ebf\u56fe\u3001\u997c\u56fe\u3001\u6807\u7b7e\u4e91\u7b49\uff0c\u4e5f\u652f\u6301\u4eba\u5de5\u7b5b\u9009\u6761\u4ef6\u3001\u62a5\u8868\u6570\u636e\u4e0b\u8f7d\u7b49\uff0c\u53ef\u4ee5\u7528\u6765\u53c2\u8003\u7740\u5b9e\u73b0\u81ea\u5df1\u7684\u5206\u6790\u62a5\u8868\uff0c\u8fd8\u662f\u975e\u5e38\u65b9\u4fbf\u7684\u3002<\/p>\n
             <\/p>\n
            \u4e94\u3001\u704c\u5165\u6570\u636e->\u521b\u5efa\u7d22\u5f15->\u68c0\u7d22<\/h1>\n
            1.\u914d\u7f6efilebeat\u5e76\u5bfc\u5165\u64cd\u4f5c\u7cfb\u7edf\u65e5\u5fd7<\/h4>\n
            cd ~\/service\/es\/filebeat\r\n\r\n# \u914d\u7f6efilebeat\r\nvim filebeat.yml \r\n    output.elasticsearch:\r\n        hosts: [\"localhost:9200\"]    #es\u914d\u7f6e\r\n        username: \"elastic\"\r\n        password: \"r1\"\r\n    setup.kibana:\r\n        host: \"localhost:5601\"         #kibana\u914d\u7f6e\r\n\r\n# \u5f00\u542ffilebeat\u6a21\u5757\r\n.\/filebeat modules enable system    #\u6253\u5f00\u7cfb\u7edf\u65e5\u5fd7\u4f20\u8f93\r\n#.\/filebeat modules enable nginx     #\u6253\u5f00nginx\u65e5\u5fd7\u4f20\u8f93\r\n.\/filebeat modules list    #\u67e5\u770b\u5f53\u524d\u5f00\u542f\u548c\u5173\u95ed\u7684\u6a21\u5757\r\n    Enabled:\r\n      system\r\n    Disabled:\r\n      apache\r\n      auditd\r\n      cisco\r\n      coredns\r\n      elasticsearch\r\n      envoyproxy\r\n      haproxy\r\n      icinga\r\n      iis\r\n      iptables\r\n      kafka\r\n      kibana\r\n      logstash\r\n      mongodb\r\n      mysql\r\n      nats\r\n      netflow\r\n      nginx\r\n      osquery\r\n      panw\r\n      postgresql\r\n      rabbitmq\r\n      redis\r\n      santa\r\n      suricata\r\n      traefik\r\n      zeek\r\n\r\n# \u52a0\u8f7dkibana\u770b\u677f\r\n.\/filebeat setup\r\n    Index setup finished.\r\n    Loading dashboards (Kibana must be running and reachable)\r\n    Loaded dashboards\r\n    Loaded machine learning job configurations\r\n    Loaded Ingest pipelines\r\n\r\n# \u542f\u52a8\r\nsu root  #\u7cfb\u7edf\u65e5\u5fd7\u9700\u8981root\u6743\u9650\u624d\u80fd\u8bbf\u95ee\r\nchown root:root ~\/service\/es\/filebeat -R\r\n.\/filebeat -e\r\n<\/code><\/pre>\n
            \"\"<\/a><\/p>\n
            \u7cfb\u7edf\u65e5\u5fd7\u5df2\u7ecf\u88ab\u76d1\u63a7\u5e76\u81ea\u52a8\u5bfc\u5165es\u5e76\u5728kibana\u91cc\u521b\u5efa\u4e86\u5bf9\u5e94\u4e00\u7cfb\u5217\u7684\u62a5\u8868\u548c\u770b\u677f\uff1a<\/p>\n
            \"\"<\/a><\/p>\n
            \u68c0\u7d22\u539f\u59cb\u65e5\u5fd7\uff1a<\/p>\n
            \"\"<\/a><\/p>\n
            <\/h4>\n
            2.\u4f7f\u7528logstash<\/span><\/span>\u76d1\u63a7\u5e76\u5bfc\u5165\u81ea\u5b9a\u4e49json\u6570\u636e<\/h4>\n
            2.1 \u521b\u5efajson\u6570\u636e\u6587\u4ef6<\/p>\n
            \"\"<\/a><\/p>\n
            *\u6ce8\uff1ajson\u503c\u683c\u5f0f\u5728\u5bfc\u5165es\u65f6\u4f1a\u88ab\u81ea\u52a8\u8bc6\u522b\u8bbe\u7f6e\uff0c\u6240\u4ee5\u5c3d\u91cf\u6309\u6b63\u5f0f\u7d22\u5f15\u683c\u5f0f\u8bbe\u7f6e\uff0c\u4f8b\u5982int\u7684\u522b\u751f\u6210str\u3002<\/p>\n
            2.2 \u914d\u7f6e\/\u542f\u52a8logstash<\/code><\/p>\n
            # \u914d\u7f6elogstash\u8bfb\u53d6json\u6570\u636e\u6587\u4ef6 \r\ncd ~\/service\/es\/logstash\r\ncp config\/logstash-sample.conf config\/logstash-tts.conf\r\nvim config\/logstash-tts.conf\r\n    input {\r\n      file {\r\n        path => [\"\/home\/work\/project\/bumblebee_tts\/data\/music\/split.data\"]\r\n        start_position => \"beginning\"  #\u4ece\u65e5\u5fd7\u5934\u90e8\u5f00\u59cb\u8bfb\u53d6\r\n        codec => \"json\"  #json\u683c\u5f0f\r\n      }\r\n    }\r\n\r\n    # output to es\r\n    output {\r\n      elasticsearch {\r\n        hosts => [\"http:\/\/localhost:9200\"]  #es\u670d\u52a1\r\n        index => \"tts\"          #es\u7d22\u5f15\u540d\r\n        document_id => \"%{id}\"  #doc\u552f\u4e00id,\u7d22\u5f15\u66f4\u65b0\u7528\r\n        # document_type => \"tts\"  #\u7528\u4e8efilter\u7b49(7.x\u540e\u5c06\u79fb\u9664type\uff0c\u4e0d\u63a8\u8350\u914d\u7f6e)\r\n        user => \"elastic\"\r\n        password => \"r1\"\r\n      }\r\n    }\r\n# \u542f\u52a8logstash\r\n.\/bin\/logstash -f .\/config\/logstash-tts.conf<\/code><\/pre>\n
            \"\"<\/a><\/p>\n
            2.3 \u68c0\u67e5es index \u7d22\u5f15\u662f\u5426\u6210\u529f\u521b\u5efa<\/p>\n
            \"\"<\/a><\/p>\n
            2.4 \u521b\u5efakibana Index patterns<\/p>\n
            \"\"<\/a><\/p>\n
            \"\"<\/a><\/p>\n
            2.5 kibana\u68c0\u7d22\u6d4b\u8bd5<\/p>\n
            \"\"<\/a><\/p>\n
            <\/h1>\n
            \u516d\u3001Useful APIs<\/h1>\n
            1. api\u68c0\u7d22\u6d4b\u8bd5<\/p>\n
            # \u67e5\u8be2tt\u7d22\u5f15\u4e2dword:go\u7684\u8bb0\u5f55\r\ncurl --user<\/span> elastic:r1 -X GET<\/span> \"http:\/\/yanjingang.com:9200\/tts<\/span>\/_search<\/span>?q=word:go&pretty\"<\/code><\/pre>\n
            http:\/\/yanjingang.com:9200\/tts\/_search?q=\u54c8\u54c8<\/a><\/p>\n
            \"\"<\/a><\/p>\n
            2. api\u5220\u9664tts\u7d22\u5f15\u4e0b\u7684\u6240\u6709\u6570\u636e<\/p>\n
            # \u5220\u9664\u6307\u5b9a\u7d22\u5f15\u4e0b\u7684\u6240\u6709\u6570\u636e\r\ncurl --user<\/span> elastic:r1 -X POST<\/span> \"http:\/\/yanjingang.com:9200\/tts<\/span>\/_delete_by_query<\/span>\" -H 'Content-Type: application\/json' -d '{\"query\":{\"match_all<\/span>\": {}}}'\r\n\r\n# \u5220\u9664\u6307\u5b9a\u7d22\u5f15\u4e0b\u7b26\u5408\u6761\u4ef6\u7684\u6570\u636e\r\ncurl --user elastic:r1 -X POST \"http:\/\/yanjingang.com:9200\/tts\/_delete_by_query\" -H 'Content-Type: application\/json' -d '{\"query\":{\"term<\/span>\": {\"id\":27}}}'\r\n\r\n<\/span><\/code><\/pre>\n
            3. api\u63d2\u5165\u6570\u636e<\/p>\n
            # \u5411tts\u7d22\u5f15\u63d2\u5165_id=0\u7684\u7684\u6d4b\u8bd5\u8bb0\u5f55\r\ncurl --user<\/span> elastic:r1 -X PUT<\/span> \"http:\/\/yanjingang.com:9200\/tts<\/span>\/_doc<\/span>\/0<\/span>\" -H 'Content-Type: application\/json' -d '{\"id\":0,\"word\":\"test\"}'\r\n\r\n# \u68c0\u67e5_id=0\u7684\u8bb0\u5f55\r\ncurl --user elastic:r1 -X GET \"http:\/\/yanjingang.com:9200\/tts\/_search?q=_id:0&pretty\"<\/code><\/pre>\n
             <\/p>\n
            \u4e5d\u3001\u5176\u4ed6<\/h1>\n
            \u8282\u70b9\u8d44\u6e90\u76d1\u63a7<\/p>\n
            \"\"<\/a><\/p>\n
             <\/p>\n
             <\/p>\n
            yan 18.9.11 23:35<\/p>\n
             <\/p>\n
             <\/p>\n
            \u53c2\u8003\uff1a<\/p>\n
            ES\u57fa\u7840\u73af\u5883\u642d\u5efa<\/a><\/p>\n
            ES\u8bbe\u7f6e\u96c6\u7fa4\u5bc6\u7801<\/a><\/p>\n
            ELK\u539f\u7406\u4e0e\u4ecb\u7ecd<\/a><\/p>\n
            Kibana\u5feb\u901f\u4e0a\u624b<\/a><\/p>\n
            ELK\u4e4bLogStash\u8bfb\u53d6JSON\u65e5\u5fd7\u5206\u7c7b\u578b\u5efa\u7acb\u7d22\u5f15<\/a><\/p>\n
            ES-\u901a\u8fc7API\u8fdb\u884c\u6570\u636e\u68c0\u7d22<\/a><\/p>\n
            Creating a New Filebeat Moduleedit<\/a><\/p>\n
            \u5982\u4f55\u642d\u5efaElasticsearch\u96c6\u7fa4<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
            Elasticsearch \u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u3001\u53ef\u6269\u5c55\u3001\u5b9e\u65f6\u7684\u641c\u7d22\u4e0e\u6570\u636e\u5206\u6790\u5f15\u64ce\u3002\u5b83\u4e0d\u4ec5\u4ec5\u53ea\u662f\u5168\u6587\u641c\u7d22\uff0c\u8fd8\u652f\u6301\u7ed3\u6784\u5316 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[611],"tags":[848,847,844,846,845,865,855],"_links":{"self":[{"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1736"}],"collection":[{"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1736"}],"version-history":[{"count":3,"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1736\/revisions"}],"predecessor-version":[{"id":10449,"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1736\/revisions\/10449"}],"wp:attachment":[{"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yanjingang.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
            http:\/\/yanjingang.com:9200\/tts\/_search?q=word:\u54c8\u54c8\u54c8<\/a><\/p>\n