Steps for using the IK analyzer with ES in ELK/EFK
1. Install IK together with ES. Download the IK analyzer in advance (its version must match the ES version): https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.8.0/elasticsearch-analysis-ik-6.8.0.zip After downloading, create a folder named IK under plugins and unzip the ZIP into IK. Start ES with Docker: es: container_name: es image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0 privileged: true ports: - "9200:9200" volumes: - ./efk/es/data:/usr/share/elasticsearch/data - ./efk/es...
Disabling unused modules in Kibana 6.8.0
server.port: 5601 server.host: "0.0.0.0" server.name: "kibana" elasticsearch.hosts: ["http://es:9200"] elasticsearch.ssl.verificationMode: none #elasticsearch.ssl.certificateAuthorities: ["/data/kibana/config/newfile.crt.pem"] elasticsearch.preserveHost: true kibana.index: ".kibana" i18n.locale: "en" server.defaultRoute: "/app/kibana#/discover" elasticsearch.username: "elastic" elasticsearch.password: "xxxxxxxxxxxxxxxxx" # Disable visualizations and dashboards xpack.monitori...
Kibana query statistics
Count the occurrences of a keyword: GET /docker-wecom-crm-api-2023.09/_search?q=message:"不存在外部联系人的关系" { "size": 0, "query": { "match_all": { } } }
Exception email alerts with ES + Filebeat + ElastAlert2
The installations below all use docker-compose; installing with Docker or K8s works on the same principle. ES installation: es: container_name: es image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0 ports: - "9200:9200" environment: - node.name=es - http.host=0.0.0.0 - transport.host=127.0.0.1 - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - bootstrap.memory_lock=true - discovery.type=single-node - xpack.security.enabled=true - xpack.security.http.ssl.enab...
Quickly setting up a lightweight EFK logging system on Linux
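I. Preface Why use EFK (or ELK): Is the F in EFK Filebeat or Fluentd? For a single machine, Filebeat is recommended; it is very lightweight and uses 10M of memory. II. Installation process First, installing via docker-compose is the most convenient; here is the yml file: Note 1: the es, kibana and filebeat versions should preferably be the same. Note 2: the physical machine needs at least 2G of memory for the installation (es roughly 800M, kibana 200M, filebeat 100M); if that is really not possible, add swap! version : '3' services: es: container_name: es image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0 ports: - "9200:9...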