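[svc] Using the x-pack plugin with ELK 5.x (elasticsearch5)
Source: Internet. Editor: 程序博客网. Time: 2024/05/22 01:59
I wanted two features:
1. Log reports sent by email
2. Log alerting
I tested this for ages and it nearly killed me.
1. Installation process and the problems encountered
Install es first, then kibana
Then install x-pack from the es directory
Install x-pack in kibana
Set xpack.security.enabled: false in elasticsearch.yml
Restart es
Restart kibana
Accessing IP:9200 works normally and tells me to go search.
Accessing IP:5601, the page does not render and the browser reports too many redirects.
Following the official docs, I also set xpack.security.enabled: false in kibana.yml,
but Kibana showed no data when accessed.
ELK installation (http://bbotte.blog.51cto.com/6205307/1613571)
2. View the indices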
curl 'http://192.168.14.134:9200/_search?pretty'
3. Install xpack
./elasticsearch/bin/elasticsearch-plugin install file:///usr/local/x-pack-5.2.0.zip
./kibana/bin/kibana-plugin install file:///usr/local/x-pack-5.2.0.zip
./logstash/bin/logstash-plugin install file:///usr/local/x-pack-5.2.0.zip
xpack installation (https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html)
xpack (crack, 5.2 only) (http://blog.csdn.net/mvpboss1004/article/details/65445023)
Note: the crack does not work well on the latest 5.4.
You have to apply for the license yourself and then modify it.
{"license":{"uid":"7c05f405-6c40-4acb-b2e3-f60e3bd589b4","type":"basic","issue_date_in_millis":1496620800000,"expiry_date_in_millis":1528243199999,"max_nodes":100,"issued_to":"lanny ma (tt100)","issuer":"Web Form","signature":"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","start_date_in_millis":1496620800000}}
{"license":{"uid":"helloworld","type":"platinum","issue_date_in_millis":1486598400000,"expiry_date_in_millis":2524579200999,"max_nodes":1000,"issued_to":"helloworld","issuer":"Web Form","signature":"helloworld","start_date_in_millis":1486598400000}}
Install the license:
Put license.json at /tmp/license.json
curl -XPUT -u elastic 'http://SID-HZ-ES1:9200/_xpack/license?acknowledge=true' -d @/tmp/license.json
Reference:
https://blog.yourtion.com/install-x-pack-for-elasticsearch-and-kibana.html
Feeding data into es
[root@linux-node1 application]# cat nginx_access.conf
input {
  file {
    path => ["/var/log/nginx/access.log"]
    codec => "json"
  }
}
output {
  elasticsearch {
    # username: elastic
    # password: changeme
    hosts => ["127.0.0.1:9200"]
    index => "nginx-www-access-%{+YYYY.MM.dd}"
  }
}
# Install nginx and configure its logging
yum install nginx -y
Modify the log format:
log_format json '{"@timestamp": "$time_iso8601",'
                '"@version": "1",'
                '"client": "$remote_addr",'
                '"url": "$uri", '
                '"status": "$status", '
                '"domain": "$host", '
                '"host": "$server_addr",'
                '"size":"$body_bytes_sent", '
                '"response_time": "$request_time", '
                '"referer": "$http_referer", '
                '"http_x_forwarded_for": "$http_x_forwarded_for", '
                '"ua": "$http_user_agent" } ';
Alerting
Alerting in Elasticsearch is not yet especially smart. Here we only take a brief look at how it works; when you actually need it, configure it according to the documentation.
In short, we define the trigger condition ourselves and specify the action to take once the condition fires. A practical example: if an endpoint has kept returning 503 errors over the last ten minutes, send an email notification. Broken down, one possible logic is:
- Trigger: run once every ten minutes
- Input: search a given index for log entries whose status is error
- Condition: if the number of errors exceeds 5, the condition is considered met
- Transform: after the condition fires, the search runs again, and its results are available to the actions that follow
- Actions: carry out the concrete operation, such as notifying a third-party system or sending an email
The routine above maps to the following configuration:
PUT _xpack/watcher/watch/log_errors
{
  "metadata" : {
    "color" : "red"
  },
  "trigger" : {
    "schedule" : {
      "interval" : "5m"
    }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : "log-events",
        "body" : {
          "size" : 0,
          "query" : { "match" : { "status" : "error" } }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 5 }}
  },
  "transform" : {
    "search" : {
      "request" : {
        "indices" : "log-events",
        "body" : {
          "query" : { "match" : { "status" : "error" } }
        }
      }
    }
  },
  "actions" : {
    "my_webhook" : {
      "webhook" : {
        "method" : "POST",
        "host" : "mylisteninghost",
        "port" : 9200,
        "path" : "/{{watch_id}}",
        "body" : "Encountered {{ctx.payload.hits.total}} errors"
      }
    },
    "email_administrator" : {
      "email" : {
        "to" : "sys.admino@host.domain",
        "subject" : "Encountered {{ctx.payload.hits.total}} errors",
        "body" : "Too many error in the system, see attached data",
        "attachments" : {
          "attached_data" : {
            "data" : {
              "format" : "json"
            }
          }
        },
        "priority" : "high"
      }
    }
  }
}
You can also try running the above in the Dev Tools console.
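An offline dry run of the log_errors watch's condition and action templates, as an added example that is not part of the original post or of X-Pack itself: it evaluates the `compare` block and fills the `{{...}}` placeholders against a constructed search response, so the threshold and message text can be checked before the PUT. The helper names (`resolve`, `condition_met`, `render`, `dry_run`) and the sample payload are assumptions, and the code is a simplified stand-in for Watcher's own evaluation.

```python
import json
import re

# Condition and action templates copied from the log_errors watch above.
WATCH = json.loads("""{
  "condition": {"compare": {"ctx.payload.hits.total": {"gt": 5}}},
  "actions": {
    "my_webhook": {"webhook": {"path": "/{{watch_id}}",
                               "body": "Encountered {{ctx.payload.hits.total}} errors"}},
    "email_administrator": {"email": {
        "subject": "Encountered {{ctx.payload.hits.total}} errors"}}
  }
}""")

# Constructed sample of an Elasticsearch 5.x search response (hits.total is an integer).
SAMPLE = {"hits": {"total": 7, "hits": []}}

# The comparison operators a compare condition accepts.
OPS = {"eq": lambda a, b: a == b, "not_eq": lambda a, b: a != b,
       "gt": lambda a, b: a > b, "gte": lambda a, b: a >= b,
       "lt": lambda a, b: a < b, "lte": lambda a, b: a <= b}

def resolve(model, dotted):
    """Walk a dotted path such as ctx.payload.hits.total through nested dicts."""
    node = model
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(f"{dotted!r} is missing from the execution context")
        node = node[key]
    return node

def condition_met(watch, model):
    """True only if every path/operator pair in the compare block holds."""
    return all(OPS[op](resolve(model, path), expected)
               for path, checks in watch["condition"]["compare"].items()
               for op, expected in checks.items())

def render(template, model):
    """Fill {{dotted.path}} placeholders, the only template feature this watch uses."""
    return re.sub(r"\{\{\s*([\w.]+)\s*\}\}",
                  lambda m: str(resolve(model, m.group(1))), template)

def dry_run(watch, watch_id, search_response):
    """Return each action's rendered strings, or {} if the condition is not met."""
    # Assumption: watch_id is exposed at the top level so {{watch_id}} resolves.
    model = {"watch_id": watch_id, "ctx": {"payload": search_response}}
    if not condition_met(watch, model):
        return {}
    return {name: {k: render(v, model)
                   for k, v in next(iter(action.values())).items()
                   if isinstance(v, str)}
            for name, action in watch["actions"].items()}
```

A payload with exactly 5 hits returns `{}`, because the watch uses `gt` rather than `gte`.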
Reference (quite well written): http://wdxtub.com/2016/11/19/babel-log-analysis-platform-3/