Use of ELK

Source: Internet
Author: User

First install the JDK; I use OpenJDK here.

yum list all | grep jdk

yum -y install java-1.8.0-openjdk-devel

java-1.8.0-openjdk.x86_64 and java-1.8.0-openjdk-headless.x86_64 are installed as dependent packages.

Installation

echo "export JAVA_HOME=/usr/bin" > /etc/profile.d/java.sh

exec bash

Install Elasticsearch:
yum -y install elasticsearch-1.7.2.noarch.rpm

Edit the configuration file:
vim /etc/elasticsearch/elasticsearch.yml

cluster.name: elasticsearch    (the cluster is named elasticsearch)

node.name: "node1"    (this node is named node1)

service elasticsearch start

Check that ports 9200 and 9300 are listening:
ss -tnl

The cluster here uses three nodes; apply the same configuration on the other two nodes, but note that the node names cannot be the same.

Once configured, you can capture packets on one node:
tcpdump -i eth1 -nn tcp port 9300

Check whether a node is functioning properly:
curl 'http://192.168.204.129:9200/?pretty'

"status": 200 in the output indicates normal operation.

This command shows a lot of information about a node:
curl 'http://192.168.204.129:9200/_cat/'

Its output lists the many operations supported under the cat API.

For example, display node information:
curl 'http://192.168.204.129:9200/_cat/nodes'

Display more detailed information:
curl 'http://192.168.204.129:9200/_cat/nodes?v'

Get help:
curl 'http://192.168.204.129:9200/_cat/nodes?help'

View the indices:
curl 'http://192.168.204.131:9200/_cat/indices'

There are many more commands here that are not introduced.

Cluster API

For example, view the health status:
curl 'http://192.168.204.131:9200/_cluster/health?pretty'

View the health at the index level:
curl 'http://192.168.204.131:9200/_cluster/health?level=indices&pretty'

View the cluster state:
curl 'http://192.168.204.131:9200/_cluster/state?pretty'

View statistical information:
curl 'http://192.168.204.131:9200/_cluster/stats?pretty'

There are many more commands in the cluster API that are not covered here.

Plugins

Plugins extend the features of ES:

They add custom mapping types, custom analyzers, local scripts and custom discovery methods.

Installation:
Place the plugin directly in the plugins directory, /usr/share/elasticsearch/plugins; the directory can be found with the rpm -ql elasticsearch command.

Or use the plugin script for installation. The script path is /usr/share/elasticsearch/bin/plugin, and /usr/share/elasticsearch/bin/plugin -h lists the help for its commands.

In the help: -l lists installed plugins; -i or --install takes the plugin name; -u takes the plugin URL.

Local installation example:
/usr/share/elasticsearch/bin/plugin -i marvel -u file:///root/marvel-latest.zip

Site plugins: head-master.zip marvel-latest.zip bigdesk-master.zip

These plugins can be accessed directly through the browser after installation.

Example: http://192.168.204.129:9200/_plugin/marvel

Create document:
curl -XPUT 'localhost:9200/students/class1/2?pretty' -d '
{
"first_name": "Rong",
"last_name": "Huang",
"gender": "Female",
"age": $,
"courses": "Luoying Shenjian"
}'
{
"_type": "class1",
"created": true
}

curl -XPUT 'localhost:9200/students/class1/1?pretty' -d '
{

Get document:
~]# curl -XGET 'localhost:9200/students/class1/2?pretty'
{
"_version": 1,
"_source":
{
"first_name": "Rong",
"gender": "Female",
}
}

Update a document:

The PUT method overwrites the original document.

If only part of the content is to be updated, use the _update API.

~]# curl -XPOST 'localhost:9200/students/class1/2/_update?pretty' -d '
{
"doc": {"age": 22}
}'
{
"_index": "students",
"_type": "class1",
"_id": "2",
"_version": 2
}

Delete document: DELETE
~]# curl -XDELETE 'localhost:9200/students/class1/2'

Delete index:
~]# curl -XDELETE 'localhost:9200/students'

~]# curl -XGET 'localhost:9200/_cat/indices?v'

Querying data: Query API

The execution of a query in ES is divided into two phases: the scatter phase and the merge phase.

Query methods: there are two ways to send query requests to ES

1. Through the RESTful request API, with the query in the URL, also known as a query string

2. By sending a REST request body

Query string form (not commonly used):
~]# curl -XGET 'localhost:9200/students/_search?pretty'

Request body form:
~]# curl -XGET 'localhost:9200/students/_search?pretty' -d '
{
"query": {"match_all": {}}
}'

The effect is the same: both return all results.

Multi-index, multi-type queries:

/_search: all indexes

/index_name/_search: single index

/index1,index2/_search: multiple indexes

/s*,t*/_search: wildcards

/students/class1/_search: single-type search

/students/class1,class2/_search: multi-type search

Mapping and Analysis:

For each document, ES takes all values of all of its fields and generates a field named "_all". When a query is executed and the query_string does not specify a field, the query runs against the _all field.

curl 'localhost:9200/students/_search?q="Xianglong"&pretty'

curl 'localhost:9200/students/_search?q="Xianglong%20shiba%20zhang"&pretty'

curl 'localhost:9200/students/_search?q=courses:'Xianglong%20shiba%20zhang'&pretty'

curl 'localhost:9200/students/_search?q=courses:'Xianglong'&pretty'

First two: search in the _all field; %20 represents a space.

Last two: search on the specified field.

The queries can also be run from the browser at http://192.168.204.129:9200/_plugin/marvel/sense/

Note: Searching on the specified field is an exact match.

Data types for document storage: string, numbers, boolean, dates

View the mapping of a specified type, for example:
~]# curl 'localhost:9200/students/_mapping/class1?pretty'

The data searched in ES can be understood broadly as two categories:

Exact value

Full-text

Exact value: refers to the raw original value, which is matched exactly when searching.

Full-text: refers to data in text form, where the search determines to what degree a document matches the query request, that is, it evaluates the relevance of the document to the user's query.

To support full-text search, ES must first analyze the text and create an inverted index; the data in the inverted index also needs to be "normalized" into a standard format.

Tokenization
Normalization

Together these are analysis.

Analysis is performed by an analyzer.

An analyzer consists of three components: character filters, a tokenizer, and token filters.

ES built-in analyzers:

Standard Analyzer: (default)

Simple analyzer

Whitespace analyzer

Language Analyzer

The analyzer is used not only when creating indexes but also when building queries; use the same analyzer for both indexing and querying.
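
The analysis steps described above, as an added example in Python (not from the original page and not Elasticsearch's own code). simple_analyzer and whitespace_analyzer are simplified stand-ins for the built-in analyzers of those names, the character filter is included only to show all three stages, and the documents are constructed sample data.

```python
import re
from collections import defaultdict

# Added example: simplified stand-ins for ES analyzers (assumption: real
# analyzers use Lucene tokenizers; these mimic only the visible behaviour).

def char_filter(text):
    """Character filter: replace HTML-like tags with a space."""
    return re.sub(r"<[^>]+>", " ", text)

def simple_analyzer(text):
    """Tokenizer splits on non-letters; token filter lowercases."""
    return [t.lower() for t in re.findall(r"[^\W\d_]+", char_filter(text))]

def whitespace_analyzer(text):
    """Tokenizer splits on whitespace only; no normalization."""
    return char_filter(text).split()

def build_index(docs, analyzer):
    """Inverted index: normalized term -> set of document ids."""
    index = defaultdict(set)
    for doc_id, text in docs.items():
        for term in analyzer(text):
            index[term].add(doc_id)
    return index

def search(index, query, analyzer):
    """Analyze the query, then return ids that contain any query term."""
    hits = set()
    for term in analyzer(query):
        hits |= index.get(term, set())
    return hits

# Constructed sample data: "courses" values for two students/class1 documents.
DOCS = {
    1: "Xianglong Shiba Zhang",
    2: "<b>Luoying</b> Shenjian",
}
INDEX = build_index(DOCS, simple_analyzer)

if __name__ == "__main__":
    print(sorted(INDEX))
    # Same analyzer at index and query time: the query terms are lowercased
    # exactly like the indexed terms, so document 1 is found.
    print(search(INDEX, "XIANGLONG zhang", simple_analyzer))
    # Different analyzer at query time: "Xianglong" keeps its capital X,
    # which is not a term in the index, so nothing matches.
    print(search(INDEX, "Xianglong", whitespace_analyzer))
```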
