ES_Kibana_Api和kql

发表于 2022/02/28 更新于 2024/08/23

作者 echoCourage 3 分钟阅读阅读次数:

es

接口调用

查看索引:  curl -u ${user_name}:${user_passwd} -s "http://127.0.0.1:9200/_cat/indices?v"
-u=--user

#删除索引(以及对应的数据)
curl -u ${user_name}:${user_passwd} -X DELETE "127.0.0.1:9200/k8s-prod-logs-2022-01-11?pretty"

# 添加索引模式
curl -s -u ${user_name}:${user_passwd} -f -X POST -H 'Content-Type: application/json' -H 'kbn-xsrf: anything' "${KIBANA_URL}/api/saved_objects/index-pattern/${index_name}" -d"{\"attributes\":{\"title\":\"${index_name}-*\",\"timeFieldName\":\"${time_field}\"}}" >> /dev/null

# 删除索引模式
curl -s -u ${user_name}:${user_passwd} -f -X DELETE "${KIBANA_URL}/api/saved_objects/index-pattern/${index_name}" -H 'kbn-xsrf: true'

#添加默认索引
curl -s -u ${user_name}:${user_passwd} -f -XPOST -H 'Content-Type: application/json' -H 'kbn-xsrf: anything' ${KIBANA_URL}/api/kibana/settings/defaultIndex -d "{\"value\":\"accesslog-${default_index}\"}" 

################################################
# 已创建的索引分片数无法改变，但是副本数可以修改
################################################

# 调节索引副本数为0
curl -u elastic:12345678 -X PUT http://172.17.3.7:9200/_settings -H 'Content-Type: application/json' -d '{ "template": "test-log-*", "settings": { "number_of_replicas": "0" }}'


# 配置索引模板: 之后创建索引副本为0
curl -u elastic:12345678 -X PUT http://172.17.3.7:9200/_template/log -H 'Content-Type: application/json' -d '{ "template": "*", "settings": { "number_of_shards": 1, "number_of_replicas": "0" }}'

kibana

kql语句

GET _search
{
  "query": {
    "match_all": {}
  }
}

GET /.kibana*/_settings? 


POST /cs_indexs/_forcemerge?max_num_segments=1


PUT /cs_indexs/_settings
{
  "number_of_replicas": 0
}

# 检测es是否正常
GET _cluster/health

GET _cat/nodes
GET _cat/shards


GET k8s-prod-logs-*/_search
{
  "query": {
    "range": {
      "timestamp": {
        "gt": "2022-01-14 00:00:00",
        "lt": "2022-01-17 00:00:00"
      }
    }
  }
}

GET k8s-prod-logs-*/_mapping

GET _template



## 查询所有的相同前缀索引
GET k8s-prod-logs-*/_search

POST /twitter/_doc?routing=kimchy
{
  "user":"kimchy",
  "postDate":"2019-11-05",
  "message":"trying out Elasticsearch"
}

GET /twitter/_search?routing=kimchy
{
  "query": {
    "term": {
      "user": {
        "value": "kimchy"
      }
    }
  }
}

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 0.2876821,
    "hits": [
      {
        "_index": "twitter",
        "_type": "_doc",
        "_id": "qLSaOm4BDE4t6YNu7VC4",
        "_score": 0.2876821,
        "_routing": "kimchy",
        "_source": {
          "user": "kimchy",
          "postDate": "2019-11-05",
          "message": "trying out Elasticsearch"
        }
      }
    ]
  }
}

GET /twitter/_search
{
  "query": {
    "term": {
      "user": {
        "value": "kimchy"
      }
    }
  }
}

 "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  }

#更新证书
POST /_license/start_basic?acknowledge=true
{
  "licenses": [
    {
      "uid":"1fd51ab7-777b-4d94-99c3-786ec15223e7",
      "type":"basic",
      "issue_date_in_millis":1411948800000,
      "expiry_date_in_millis":1677283199999,
      "max_nodes":100,
      "issued_to":"AB Muker (AB)",
      "issuer":"Web Form",
      "signature":"******/Fz92UuEx/LlONQ5DfgfOYyPgFMUu2earwWP3QqZyD4QAzWa/BuZfGhpvyBqB5WZlN81+12bRGjiEoiQqKs8/******+5WQdWMktFZ7TGCcj5/cmjvRrxUt/DRgX6ZwDMKfQ0pNmaitvVrjFid/nTBieSIVBKo0nGdMZI9Y1c+lulQJmgb2+i7N/EgXtVJ+eUcb0yf3GCu/dfod1FhlbU5LbmyedbOrnm2okdvS4Liv5pZrVG",
      "start_date_in_millis": 1645660800000
    }
    ]
}


# ***索引近30分钟的错误日志
GET abke-plat-app-cms-*/_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "now-30m"
            }
          }
        }
      ],
      "must": [
        {
          "match": {
            "log_Level": "ERROR"
          }
        }
      ]
    }
  }
}

 

各类中间件的使用, ELK

各类中间件的使用 ELK

本文由作者按照 CC BY 4.0 进行授权

es

接口调用

kibana

kql语句

热门标签