ELK的架构:
logstash==>redis==>logstash==>elasticsearch==>kibana开始我自己在ES上建索引,
建索引语句如下:
curl -XPUT "http://localhost:9200/qn-service" -d '{"mappings":{"_default_":{"properties":{"speaker":{"type":"string","index":"not_analyzed"},"play_name":{"type":"string","index":"not_analyzed"},"line_id":{"type":"integer"},"speech_number":{"type":"integer"}}}}}'
然后通过logstash导数据到ES后,却发现查询不到数据,然后用
curl http://localhost:9200/_cat/indices?v 命令发现索引的数据为空;
发现es自动建的索引有数据,而我自己的索引数据为空。
找了半天原因没找到,然后就将es中得数据删除,
curl -XDELETE *[/url]
用上述方法重建索引;
然后按照书上《ELK权威指南》上得方法,直接导入数据到es,
curl -XPUT http://localhost:9200/_bulk --data-binary @shakespeare.json
却发现自己建的索引还是没有数据,es却多了一个叫shakespeare得索引,这个索引中有数据,那么我有两点疑问1:为什么我用书上建索引的方法建立索引(shakespeare名字被我改成qn-service)却没有数据?
2:shakespeare这个索引是哪里来得?
logstash shipper.conf
input {
file {
path => ["/data/logs/superErpLog/trace/shakespeare.json"]
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter{
json{
source=>"message"
remove_field => ["message"]
}
}
output {
stdout{}
redis {
host => "localhost"
port => 6379
data_type => "list"
key => "performance"
}
}
logstash center.conf
input {
redis {
host => "localhost"
port => 6379
type => "redis-input"
data_type => "list"
key => "performance"
}
}
output {
stdout {}
elasticsearch {
cluster => "elasticsearch"
host => "localhost"
port => 9200
codec => "json"
protocol => "http"
}
}
logstash==>redis==>logstash==>elasticsearch==>kibana开始我自己在ES上建索引,
建索引语句如下:
curl -XPUT "http://localhost:9200/qn-service" -d '{"mappings":{"_default_":{"properties":{"speaker":{"type":"string","index":"not_analyzed"},"play_name":{"type":"string","index":"not_analyzed"},"line_id":{"type":"integer"},"speech_number":{"type":"integer"}}}}}'
然后通过logstash导数据到ES后,却发现查询不到数据,然后用
curl http://localhost:9200/_cat/indices?v 命令发现索引的数据为空;
发现es自动建的索引有数据,而我自己的索引数据为空。
找了半天原因没找到,然后就将es中得数据删除,
curl -XDELETE *[/url]
用上述方法重建索引;
然后按照书上《ELK权威指南》上得方法,直接导入数据到es,
curl -XPUT http://localhost:9200/_bulk --data-binary @shakespeare.json
却发现自己建的索引还是没有数据,es却多了一个叫shakespeare得索引,这个索引中有数据,那么我有两点疑问1:为什么我用书上建索引的方法建立索引(shakespeare名字被我改成qn-service)却没有数据?
2:shakespeare这个索引是哪里来得?
logstash shipper.conf
input {
file {
path => ["/data/logs/superErpLog/trace/shakespeare.json"]
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter{
json{
source=>"message"
remove_field => ["message"]
}
}
output {
stdout{}
redis {
host => "localhost"
port => 6379
data_type => "list"
key => "performance"
}
}
logstash center.conf
input {
redis {
host => "localhost"
port => 6379
type => "redis-input"
data_type => "list"
key => "performance"
}
}
output {
stdout {}
elasticsearch {
cluster => "elasticsearch"
host => "localhost"
port => 9200
codec => "json"
protocol => "http"
}
}
[尊重社区原创,转载请保留或注明出处]
本文地址:http://searchkit.cn/article/19
本文地址:http://searchkit.cn/article/19
