http://wiki.eijux.com/index.php?action=history&feed=atom&title=ElasticSearch%EF%BC%9A%E8%BF%90%E7%BB%B4%E7%9B%B8%E5%85%B3
ElasticSearch:运维相关 - 版本历史
2026-04-29T14:44:43Z
本wiki上该页面的版本历史
MediaWiki 1.38.2
http://wiki.eijux.com/index.php?title=ElasticSearch%EF%BC%9A%E8%BF%90%E7%BB%B4%E7%9B%B8%E5%85%B3&diff=6486&oldid=prev
2023年3月31日 (五) 14:02 Eijux
2023-03-31T14:02:55Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="zh-Hans-CN">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">←上一版本</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">2023年3月31日 (五) 22:02的版本</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">第1行:</td>
<td colspan="2" class="diff-lineno">第1行:</td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[category:<del style="font-weight: bold; text-decoration: none;">ElasticSearch</del>]]</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[[category:<ins style="font-weight: bold; text-decoration: none;">ElasticSearch教程</ins>]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== 关于 ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== 关于 ==</div></td></tr>
</table>
Eijux
http://wiki.eijux.com/index.php?title=ElasticSearch%EF%BC%9A%E8%BF%90%E7%BB%B4%E7%9B%B8%E5%85%B3&diff=3746&oldid=prev
Eijux:建立内容为“category:ElasticSearch == 关于 == 【转自:[https://www.orchome.com/Elasticsearch/index https://www.orchome.com/Elasticsearch/index]】 == 设置elasti…”的新页面
2021-05-22T11:10:05Z
<p>建立内容为“<a href="/%E5%88%86%E7%B1%BB:ElasticSearch" title="分类:ElasticSearch">category:ElasticSearch</a> == 关于 == 【转自:[https://www.orchome.com/Elasticsearch/index https://www.orchome.com/Elasticsearch/index]】 == 设置elasti…”的新页面</p>
<p><b>新页面</b></p><div>[[category:ElasticSearch]]<br />
<br />
== 关于 ==<br />
【转自:[https://www.orchome.com/Elasticsearch/index https://www.orchome.com/Elasticsearch/index]】<br />
<br />
== 设置elasticsearch的默认分区数和副本数 ==<br />
elasticsearch 5.1版本,默认在配置中可设置分区和副本的数量现在不能使用了。<br />
<br />
<br />
修改现有elasticsearch的默认副本数:(如下,修改:副本数为0)<br />
<syntaxhighlight lang="bash" highlight=""><br />
curl -XPUT https://192.168.x.x:9200/_settings -d '<br />
{<br />
"index":{<br />
"number_of_replicas":0<br />
}<br />
}<br />
</syntaxhighlight><br />
<br />
<br />
设置elasticsearch默认模板:(如下,修改:分区数为10,副本数为0)<br />
<syntaxhighlight lang="bash" highlight=""><br />
curl -XPUT https://192.168.x.x:9200/_template/log -d '{<br />
"template": "log-*",<br />
"settings": {<br />
"number_of_shards": 10,<br />
"number_of_replicas": "0"<br />
}<br />
}<br />
</syntaxhighlight><br />
* 这样后面生成 log-* 的索引都会按照这个模板来了。<br />
* 参见:【'''[https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-templates.html 模板官网页面]'''】<br />
<br />
== Elasticsearch删除历史日志 ==<br />
示例,从 kafka 采集日志到 es 的相关 logstash 的配置:<br />
<syntaxhighlight lang="bash" highlight=""><br />
input{<br />
kafka{<br />
topics => ["logs-normal","logs-error","logs-point"]<br />
bootstrap_servers => "192.168.x.x:9092,192.168.x.x:9092,192.168.x.x:9092"<br />
codec => json<br />
group_id=> "logstash"<br />
codec => multiline {<br />
pattern => "\s"<br />
negate=>true<br />
what => "previous"<br />
}<br />
}<br />
}<br />
filter{<br />
grok{<br />
match => {"message" => "\[(?<datetime>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3})"}<br />
}<br />
date{<br />
match => ["datetime", "yyyy-MM-dd HH:mm:ss,SSS"]<br />
target => "@timestamp"<br />
}<br />
mutate {<br />
remove_field => ["datetime"]<br />
}<br />
}<br />
output{<br />
elasticsearch {<br />
action => "index"<br />
hosts => ["192.168.x.x:9200","192.168.x.x:9200","192.168.x.x:9200"]<br />
index => "applog-%{+YYYY.MM.dd}"<br />
}<br />
}<br />
</syntaxhighlight><br />
如上,“index => "applog-%{+YYYY.MM.dd}"”会根据 timestamp 的时间来生成每天的日志块,那么删除日志也根据“索引+日期”来删除。<br />
<br />
如:<br />
<syntaxhighlight lang="bash" highlight=""><br />
curl -XDELETE "192.168.101.123:9200/applog-2016.12.26"<br />
</syntaxhighlight><br />
查看日志存储的位置,磁盘已经释放了。<br />
<br />
== ElasticSearch定时删除数据 ==<br />
如下脚本可以定时删除数据:<br />
: (新建 delete_es_by_day.sh 脚本)<br />
<syntaxhighlight lang="bash" highlight=""><br />
#!/bin/sh <br />
# example: sh delete_es_by_day.sh logstash-kettle-log logsdate 30 <br />
<br />
index_name=$1 <br />
daycolumn=$2 <br />
savedays=$3 <br />
format_day=$4 <br />
<br />
if [ ! -n "$savedays" ]; then <br />
echo "the args is not right,please input again...." <br />
exit 1 <br />
fi <br />
<br />
if [ ! -n "$format_day" ]; then <br />
format_day='%Y%m%d' <br />
fi <br />
<br />
sevendayago=`date -d "-${savedays} day " +${format_day}` <br />
<br />
curl -XDELETE "10.130.3.102:9200/${index_name}/_query?pretty" -d " <br />
{ <br />
"query": { <br />
"filtered": { <br />
"filter": { <br />
"bool": { <br />
"must": { <br />
"range": { <br />
"${daycolumn}": { <br />
"from": null, <br />
"to": ${sevendayago}, <br />
"include_lower": true, <br />
"include_upper": true <br />
} <br />
} <br />
} <br />
} <br />
} <br />
} <br />
} <br />
}" <br />
<br />
echo "ok"<br />
</syntaxhighlight><br />
参数说明:<br />
# 索引名;<br />
# 日期字段名;<br />
# 保留最近几天数据,单位天;<br />
# 日期格式,可不输(默认形式20160101)<br />
<br />
== ElasticSearch中根据查询结果删除数据(delete by query) ==<br />
原有的方法在2.0版本中已经删除了,提供了delete by query插件来实现这个功能。<br />
<br />
<br />
# 安装插件:<br />
#: <syntaxhighlight lang="bash" highlight=""><br />
cd /path/to/ElasticSearch<br />
sudo bin/plugin install delete-by-query<br />
</syntaxhighlight><br />
#: 成功安装后:<br />
#: [[File:Elasticsearch:安装delete-by-query插件.png|400px]]<br />
#* 集群环境下必须在每个结点上安装,安装之后要重启结点才能使这个插件生效。<br />
#*(安装和重启之后就可以像2.0以前的版本一样使用delete by query了。)<br />
# 执行删除命令:<br />
#: <syntaxhighlight lang="bash" highlight=""><br />
curl -XDELETE 'https://10.0.21.xx:9200/applog/logs/_query?pretty' -d ' <br />
{<br />
"query": {<br />
"filtered": {<br />
"filter": {<br />
"range": {<br />
"@timestamp": {<br />
"lte": "2016-11-21"<br />
}<br />
}<br />
}<br />
}<br />
}<br />
}'<br />
</syntaxhighlight><br />
# 合并:????什么鬼????<br />
#: <syntaxhighlight lang="bash" highlight=""><br />
curl -XPOST 'https://10.0.21.xx:9200/applog/_optimize?max_num_segments=1'<br />
</syntaxhighlight></div>
Eijux