es 文档整理

[asu126]

• https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html
• 1 https://es.xiaoleilu.com/050_Search/05_Empty_search.html
• 2 http://blog.csdn.net/yangwenbo214/article/details/77802331
• 2 http://blog.csdn.net/laoyang360/article/details/52244917
• apach an http://cwiki.apachecn.org/pages/viewpage.action?pageId=4260360

[asu126]

模板索引 logstash 文档：https://doc.yonyoucloud.com/doc/logstash-best-practice-cn/output/elasticsearch.html http://blog.csdn.net/yesicatt/article/details/53393814 更新错误： https://discuss.elastic.co/t/update-mapping-of-not-analyzed-field/59173/2 http://www.cnblogs.com/Creator/p/3722408.html

       "project_name": {
          "type": "string",
          "index": "not_analyzed",
          "fields": {
            "raw": {
              "type": "string",
              "index": "not_analyzed"
            },
            "search": {
              "type": "string"
            }
          }
        }

• 1

  elasticsearch {
              hosts => ["127.0.0.1:9200"]
              index => "test-env-logstash-nginx-%{+YYYY.MM.dd}"
              document_type => "nginx-access-log"
  
              manage_template => true
              template=>"/etc/logstash/elasticsearch-template-es2x-gitlab-nginx.json"
              template_name=>"es-nginx"
              template_overwrite=>true
          }

[asu126]

get mapping: http://127.0.0.1:9200/test-env-gitlab-shell-2018.01.21/_mapping/gitlab-shell-log/field/project_name?include_defaults=true

[asu126]

{
    "size": 0,
    "query": {
        "bool": {
            "filter": {
                "range": {
                    "@timestamp": {
                        "gte": "2018-02-25",
                        "lte": "2018-02-25"
                    }
                }
            },
            "must": {
                "exists": {
                    "field": "project_name"
                }
            }
        }
    },
    "aggs": {
        "group_by_ip_and_project":{
            "terms":{
                "field":"remote_addr",
                "size" : 0
            },
            "aggs":{
                "project_name": { 
                    "terms": { 
                        "field": "project_name",
                        "size" : 0
                    },
                    "aggs":{
                        "p_body_bytes_sent":{
                            "sum":{
                                "field":"body_bytes_sent"
                            }
                        }
                    }
                }
            }
        }
    }
}

[asu126]

• 云溪 https://m.aliyun.com/yunqi/articles/658838?utm_content=m_1000020822

[asu126]

准备备份

• 修改配置文件备份目录 path.repo: ["/home/data/elastic-backup"]

• 备份

  curl -X POST "http://localhost:9200/_snapshot/asu_backup" -H 'Content-Type: application/json' -d'
  {
  "type": "fs",
  "indices": "workhorse-log,shell-log,twitter",
  "settings": {
      "location": "/home/data/elastic-backup",
      "max_snapshot_bytes_per_sec" : "50mb", 
      "max_restore_bytes_per_sec" : "50mb"
  }
  }
  '

curl -X PUT "http://localhost:9200/_snapshot/asu_backup/snapshot_2?pretty=true" -H 'Content-Type: application/json' -d' { "indices": "twitter" } '

• 查看备份 curl -X GET "http://localhost:9200/_snapshot/asu_backup/_all"

/tmp 目录无权限写错误恢复

-Djava.io.tmpdir=/var/lib/elasticsearch/tmp
-Djna.tmpdir=/var/lib/elasticsearch/tmp

参考

• http://keenwon.com/1393.html
• https://www.elastic.co/guide/cn/elasticsearch/guide/current/backing-up-your-cluster.html
• https://segmentfault.com/a/1190000015125088

升级

https://dongbo0737.github.io/2017/06/06/elasticsearch-2.4-5.2/

• 创建测试索引

  curl -X PUT "http://localhost:9200/twitter/tweet/6" -H 'Content-Type: application/json' -d'
  {
  "user" : "kimchy",
  "post_date" : "2009-11-15T14:12:12",
  "message" : "trying out Elasticsearch"
  }
  '

源码分析

https://www.felayman.com/category/Elasticsearch+6.0+%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90/1 https://www.cnblogs.com/zziawanblog/category/977414.html https://juejin.im/post/5a2b653f5188251c11408b22