Elasticsearch日志收集
Install pip if necessary
python get-pip.py |
Install Curator for Elasticsearch
Elasticsearch Curator helps you curate, or manage, your Elasticsearch indices and snapshots by:
- Obtaining the full list of indices (or snapshots) from the cluster, as the actionable list
- Iterate through a list of user-defined filters to progressively remove indices (or snapshots) from this actionable list as needed.
- Perform various actions on the items which remain in the actionable list.
pip install elasticsearch-curatorpip install click==6.7 |
Configure curator
mkdir -p /var/log/elastictouch /var/log/elastic/curator.logmkdir ~/.curatorvi ~/.curator/curator.yml |
# Remember, leave a key empty if there is no value. None will be a string,## not a Python "NoneType"client:hosts: [Elasticsearch Server IP]port: 9200url_prefix:use_ssl: Falsecertificate:client_cert:client_key:ssl_no_validate: Falsehttp_auth:timeout: 30master_only: Falselogging:loglevel: INFOlogfile: /var/log/elastic/curator.loglogformat: defaultblacklist: ['elasticsearch', 'urllib3'] |
Have a test, now you can get the indices list
curator_cli show_indices
Create repository
Configure elasticseach.yml default in /etc/elasticsearch/elasticsearch.yml
path.repo: /u01/elasticsearch/backuphttp.max_header_size: 16kb |
Restart elasticsearch service (service elasticsearch restart) to make the configurations work.
Create repository elasticsearch. Ensure location points to a valid path which is configured in path.repo, accesable from all nodes.
curl -XPUT http://localhost:9200/_snapshot/es_backup -H "Content-Type: application/json" -d @repository.json |
{ "type": "fs", "settings": { "compress": true, "location": "/u01/elasticsearch/backup" }} |
Have a test
curl -XGET 'localhost:9200/_snapshot/_all?pretty=true' |
Create curator yaml action files
daily_backup.yml
Customize the snapshot name in name option
action 1: backup all indices before today to repository elasticsearch with specified snapshot name
action 2: delete indices older than 185 days
---actions: 1: action: snapshot description: >- Snapshot selected all indices to repository 'elasticsearch' with the snapshot name options: repository: es_backup name: '<c4cert-{now/d-1d}>' wait_for_completion: True max_wait: 4800 wait_interval: 30 filters: - filtertype: age source: name direction: older unit: days unit_count: 1 timestring: "%Y.%m.%d" 2: action: delete_indices description: >- Delete indices which is older than 185 days filters: - filtertype: age source: name direction: older unit: days unit_count: 185 timestring: "%Y.%m.%d" |
del_snapshot.yml
action 1: Delete snapshots from repository elasticsearch which is older than 185 days
---actions: 1: action: delete_snapshots description: >- Delete snapshots from repository which is older than 185 days options: repository: es_backup retry_interval: 120 retry_count: 3 filters: - filtertype: age source: creation_date direction: older unit: days unit_count: 185 |
restore.yml
action 1: Restore all indices in the most recent snapshot with state SUCCESS.
---actions: 1: action: restore description: >- Restore all indices in the most recent snapshot with state SUCCESS. Wait for the restore to complete before continuing. Do not skip the repository filesystem access check. Use the other options to define the index/shard settings for the restore. options: repository: es_backup # If name is blank, the most recent snapshot by age will be selected name: # If indices is blank, all indices in the snapshot will be restored indices: wait_for_completion: True max_wait: 3600 wait_interval: 10 filters: - filtertype: state state: SUCCESS |
Note: use --dry-run option to verify your action without any change. Find the dry run results in log path.
Curator --dry-run daily_backup.yml
Shell script and crontab
#!/bin/shcurator /u01/curator/del_snapshot.ymlcurator /u01/curator/daily_backup.yml |
crontab -e
Here configured the job run on every 3 AM
0 3 * * * /bin/sh /u01/curator/run.sh |
Restore
Curator restore.yml
Tested OK in CERT env.
Some useful API
# get all repositoriescurl -XGET 'localhost:9200/_snapshot/_all?pretty=true'# delete repositorycurl -XDELETE 'localhost:9200/_snapshot/es-snapshot?pretty=true'# show snapshotscurator_cli show_snapshots --repository es_backup# show indicescurator_cli show_indices |
Elasticsearch日志收集的更多相关文章
- Linux下单机部署ELK日志收集、分析环境
一.ELK简介 ELK是elastic 公司旗下三款产品ElasticSearch .Logstash .Kibana的首字母组合,主要用于日志收集.分析与报表展示. ELK Stack包含:Elas ...
- 快速搭建应用服务日志收集系统(Filebeat + ElasticSearch + kibana)
快速搭建应用服务日志收集系统(Filebeat + ElasticSearch + kibana) 概要说明 需求场景,系统环境是CentOS,多个应用部署在多台服务器上,平时查看应用日志及排查问题十 ...
- 日志收集之--将Kafka数据导入elasticsearch
最近需要搭建一套日志监控平台,结合系统本身的特性总结一句话也就是:需要将Kafka中的数据导入到elasticsearch中.那么如何将Kafka中的数据导入到elasticsearch中去呢,总结起 ...
- GlusterFS + lagstash + elasticsearch + kibana 3 + redis日志收集存储系统部署 01
因公司数据安全和分析的需要,故调研了一下 GlusterFS + lagstash + elasticsearch + kibana 3 + redis 整合在一起的日志管理应用: 安装,配置过程,使 ...
- 基于logstash+elasticsearch+kibana的日志收集分析方案(Windows)
一 方案背景 通常,日志被分散的储存不同的设备上.如果你管理数十上百台服务器,你还在使用依次登录每台机器的传统方法查阅日志.这样是不是感觉很繁琐和效率低下.开源实时日志分析ELK平台能够完美的 ...
- 用ElasticSearch,LogStash,Kibana搭建实时日志收集系统
用ElasticSearch,LogStash,Kibana搭建实时日志收集系统 介绍 这套系统,logstash负责收集处理日志文件内容存储到elasticsearch搜索引擎数据库中.kibana ...
- ELK(Elasticsearch + Logstash + Kibana) 日志收集
单体应用或微服务的场景下,每个服务部署在不同的服务器上,需要对日志进行集重收集,然后统一查看所以日志. ELK日志收集流程: 1.微服务器上部署Logstash,对日志文件进行数据采集,将采集到的数据 ...
- logstash+elasticsearch+kibana搭建日志收集分析系统
来源: http://blog.csdn.net/xifeijian/article/details/50829617 日志监控和分析在保障业务稳定运行时,起到了很重要的作用,不过一般情况下日志都分散 ...
- syslog+rsyslog+logstash+elasticsearch+kibana搭建日志收集
最近rancher平台上docker日志收集捣腾挺久的,尤其在配置上,特写下记录 Unix/Linux系统中的大部分日志都是通过一种叫做syslog的机制产生和维护的.syslog是一种标准的协议,分 ...
随机推荐
- 【Oracle】删除手工创建的数据库
众所周知,DBCA创建的数据库可以通过DBCA命令删除,但是手工创建的数据库却不能用此方式删除,下面给出删除方式: SQL> startup mount exclusive SQL> al ...
- 【MySQL】通信协议
1.TCP/IP(Transmission Control Protocol/Internet Protocol) 该通信协议套件用于连接 Internet 上的主机.在 Linux 操作系统中,TC ...
- 图像局部显著性—点特征(GLOH)
基于古老的Marr视觉理论,视觉识别和场景重建的基础即第一阶段为局部显著性探测.探测到的主要特征为直觉上可刺激底层视觉的局部显著性--特征点.特征线.特征块. 相关介绍:局部特征显著性-点特征(SIF ...
- 【sqli-labs】 less14 POST - Double Injection - Single quotes- String -twist (POST型单引号变形双注入)
名字和less13一样? 看了下源码对比 less13 less14 less14应该是双引号吧 出错 构造永真登陆
- Typeclassopedia
https://wiki.haskell.org/wikiupload/8/85/TMR-Issue13.pdf By Brent Yorgey, byorgey@gmail.com Original ...
- idea搭建第一个springboot
1.打开idea开发工具,在菜单栏选择File-->New-->Project...-->Spring Initializer说明:社区版的idea是没有Spring Initial ...
- 再谈应用环境下的 TIME_WAIT 和 CLOSE_WAIT
转自:http://blog.csdn.net/shootyou/article/details/6622226 昨天解决了一个 HttpClient 调用错误导致的服务器异常,具体过程如下: htt ...
- [bzoj3029] 守卫者的挑战 (概率期望dp)
传送门 Description 打开了黑魔法师Vani的大门,队员们在迷宫般的路上漫无目的地搜寻着关押applepi的监狱的所在地.突然,眼前一道亮光闪过."我,Nizem,是黑魔法圣殿的守 ...
- js中二维数组的创建方法 2017-04-04 14:50 120人阅读 评论(0) 收藏
法一:var myarr=[[0,1,2],[1,2,3]]; 将[0,1,2]看做原来的0,将[1,2,3]看做原来的1,而二者又分别为子数组 如myarr[0][1]=1,myarr[1][1]= ...
- 不用form怎么post数据
数据传输是用户交互中最重要的环节,下面收集了几个数据传输的方法,作为记录(未测试,在使用之前需要测试,如果后面我测试了,会对已测试项进行标注) 一. 网址传递 <a href=”test.php ...