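Elasticsearch is the distributed search and analytics engine at the heart of the Elastic Stack. Logstash and Beats help collect, aggregate, and enrich your data and store it in Elasticsearch. Kibana lets you interactively explore, visualize, and share insights into your data, and manage and monitor the stack. Elasticsearch is where the indexing, search, and analysis magic happens.
Components of Elasticsearch:
1. Configure Elasticsearch
Configure the Elasticsearch cluster with Docker Compose, using the Elasticsearch Docker image.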
version: "3.9"
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.2
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02
      - cluster.initial_master_nodes=es01,es02
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es/data01:/usr/share/elasticsearch/data
      - ./es/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:rw
    ports:
      - 9200:9200
    networks:
      - elastic
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.2
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01
      - cluster.initial_master_nodes=es01,es02
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es/data02:/usr/share/elasticsearch/data:rw
      - ./es/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:rw
    networks:
      - elastic
networks:
  elastic:
    driver: bridge
volumes:
  db-data:
The contents of the elasticsearch.yml file are as follows:
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
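2. Configure elasticsearch-head
elasticsearch-head is a client plugin for monitoring the state of Elasticsearch, including data visualization and create, read, update and delete operations. It can monitor the cluster state and shut down nodes in the cluster, but it cannot restart a node from that page. elasticsearch-head is reachable at http://localhost:9100/.
Docker configuration:
  es-head:
    image: tobias74/elasticsearch-head:6
    container_name: es-head
    ports:
      - "9100:9100"
    networks:
      - elastic
The interface looks like this:
When the elasticsearch-head container accesses the elasticsearch container, it may report a cross-origin (CORS) error; the following settings need to be added to elasticsearch.yml: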
http.cors.enabled: true
http.cors.allow-origin: "*"
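The configuration so far publishes port 9200 on the host, leaves Elasticsearch 7.x security at its default (off unless `xpack.security.enabled: true` is set), and allows every CORS origin. As an added example (not part of the original post), this script flags those settings in the page's files and shows a tightened variant passing; the sample files, function names and tightened values are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes Elasticsearch 7.x, where
# security is off unless xpack.security.enabled is set to true.

# Print the last value of a flat "key: value" setting, quotes stripped.
es_setting() {  # $1 = elasticsearch.yml, $2 = setting name
  _k=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${_k}[[:space:]]*:[[:space:]]*//p" "$1" |
    tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# One finding per line for an elasticsearch.yml.
audit_es_config() {  # $1 = elasticsearch.yml
  if [ "$(es_setting "$1" xpack.security.enabled)" != "true" ]; then
    echo "AUTH: xpack.security.enabled is not true; the REST API takes unauthenticated requests"
  fi
  if [ "$(es_setting "$1" http.cors.enabled)" = "true" ] &&
     [ "$(es_setting "$1" http.cors.allow-origin)" = "*" ]; then
    echo "CORS: allow-origin is *; a page from any origin can read API responses in a browser"
  fi
}

# One finding per compose port mapping that names no host IP.
audit_published_ports() {  # $1 = docker-compose.yml
  sed -nE 's/^[[:space:]]*-[[:space:]]*"?([0-9]+):[0-9]+"?[[:space:]]*$/\1/p' "$1" |
    while read -r host; do
      echo "PORT: host port $host is published on every host interface"
    done
}

# Constructed samples: the settings from this page, then a tightened variant.
# (A multi-node cluster with security enabled also needs transport TLS; not shown.)
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf '%s\n' 'network.host: 0.0.0.0' 'http.cors.enabled: true' \
  'http.cors.allow-origin: "*"' > "$WORK/page.yml"
printf '%s\n' 'network.host: 0.0.0.0' 'xpack.security.enabled: true' \
  'http.cors.enabled: true' 'http.cors.allow-origin: "http://localhost:9100"' \
  > "$WORK/tight.yml"
printf '%s\n' 'ports:' '  - 9200:9200' '  - "9100:9100"' > "$WORK/page-compose.yml"
printf '%s\n' 'ports:' '  - "127.0.0.1:9200:9200"' > "$WORK/tight-compose.yml"

for f in page tight; do
  echo "== $f =="
  audit_es_config "$WORK/$f.yml"
  audit_published_ports "$WORK/$f-compose.yml"
done
```

The tightened variant names the elasticsearch-head origin instead of `*` and binds the published port to 127.0.0.1, which keeps the local workflow on this page working.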
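3. Configure the Chinese analyzer
IK Analyzer is an open-source, lightweight Chinese word-segmentation toolkit written in Java. Since version 1.0 was released in December 2006, IK Analyzer has gone through four major versions. It began as a Chinese segmentation component built around the open-source Lucene project, combining dictionary-based segmentation with grammar-analysis algorithms. From version 3.0 on, IK became a general-purpose segmentation component for Java, independent of the Lucene project, while still providing a default optimized implementation for Lucene. The 2012 version implemented simple segmentation disambiguation, marking IK's move from purely dictionary-based segmentation toward simulated semantic segmentation.
The IK analyzer version must match the ES version; the matching versions are: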
| IK version | ES version |
|---|---|
| master | 7.x -> master |
| 6.x | 6.x |
| 5.x | 5.x |
| 1.10.6 | 2.4.6 |
| 1.9.5 | 2.3.5 |
| 1.8.1 | 2.2.1 |
| 1.7.0 | 2.1.1 |
| 1.5.0 | 2.0.0 |
| 1.2.6 | 1.0.0 |
| 1.2.5 | 0.90.x |
| 1.1.3 | 0.20.x |
| 1.0.0 | 0.16.2 -> 0.19.0 |
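- Download IK 7.15.2, then configure it.
- Extract it into the ik folder and map that directory through Docker. In docker-compose.yml, configure:
  es01:
    volumes:
      - ./es/ik:/usr/share/elasticsearch/plugins/ik/
- Check that the plugin was configured successfully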
sh-4.4# ./elasticsearch-plugin list
ik
- Test the analyzer with Postman
The analysis result is as follows:
{
"tokens": [
{
"token": "这是",
"start_offset": 0,
"end_offset": 2,
"type": "CN_WORD",
"position": 0
},
{
"token": "一个",
"start_offset": 2,
"end_offset": 4,
"type": "CN_WORD",
"position": 1
},
{
"token": "es",
"start_offset": 4,
"end_offset": 6,
"type": "ENGLISH",
"position": 2
},
{
"token": "的",
"start_offset": 6,
"end_offset": 7,
"type": "CN_CHAR",
"position": 3
},
{
"token": "测试",
"start_offset": 7,
"end_offset": 9,
"type": "CN_WORD",
"position": 4
},
{
"token": "语句",
"start_offset": 9,
"end_offset": 11,
"type": "CN_WORD",
"position": 5
}
]
}
In summary, the IK analyzer is configured successfully.
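Elasticsearch refuses to load a plugin whose descriptor names a different Elasticsearch version, so the version match described above can be checked before the directory is mounted. This added example (not from the original post) compares `elasticsearch.version` in the plugin's `plugin-descriptor.properties` with the image tag in the compose file; the sample directories, file contents, the 7.10.0 version and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The plugin directories and all
# file contents below are constructed samples.

# Print the value of a key in a Java .properties file (last occurrence wins).
prop() {  # $1 = file, $2 = key
  _k=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^${_k}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print the distinct Elasticsearch image tags referenced by a compose file.
compose_es_tags() {  # $1 = docker-compose.yml
  sed -n 's|^[[:space:]]*image:[[:space:]]*docker\.elastic\.co/elasticsearch/elasticsearch:||p' "$1" |
    tr -d '\r' | sort -u
}

# Return 0 when the plugin was built for the image's version, 1 on a mismatch,
# 2 when the descriptor is missing or the compose file does not pin one tag.
check_plugin_version() {  # $1 = plugin dir, $2 = docker-compose.yml
  _desc="$1/plugin-descriptor.properties"
  [ -f "$_desc" ] || { echo "missing $_desc"; return 2; }
  _tags=$(compose_es_tags "$2")
  [ "$(printf '%s\n' "$_tags" | grep -c .)" -eq 1 ] ||
    { echo "expected exactly one Elasticsearch tag, got: $_tags"; return 2; }
  _built=$(prop "$_desc" elasticsearch.version)
  if [ "$_built" = "$_tags" ]; then
    echo "ok: plugin built for $_built"; return 0
  fi
  echo "mismatch: plugin built for '$_built', image is '$_tags'"; return 1
}

# Constructed samples: one plugin matching the page's 7.15.2 image, one not.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/ik-ok" "$WORK/ik-old"
printf '%s\n' 'version=7.15.2' 'elasticsearch.version=7.15.2' \
  > "$WORK/ik-ok/plugin-descriptor.properties"
printf '%s\n' 'version=7.10.0' 'elasticsearch.version=7.10.0' \
  > "$WORK/ik-old/plugin-descriptor.properties"
printf '%s\n' 'services:' '  es01:' \
  '    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.2' > "$WORK/compose.yml"

check_plugin_version "$WORK/ik-ok" "$WORK/compose.yml"
check_plugin_version "$WORK/ik-old" "$WORK/compose.yml" || echo "(exit status $?)"
```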
4. Configure Kibana
Kibana is a free and open user interface that lets you visualize your Elasticsearch data and navigate the Elastic Stack. You can do anything from tracking query load to understanding how requests flow through your entire application.
Add the following configuration to the docker-compose file:
  es-kibana:
    image: docker.elastic.co/kibana/kibana:7.15.2
    container_name: es-kibana
    environment:
      - "ELASTICSEARCH_HOSTS=http://es01:9200"
    ports:
      - "5601:5601"
    networks:
      - elastic
Visit http://localhost:5601/:
5. Getting-started examples
- Add a single document
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"name":"es","version":"7.5"}' 'http://localhost:9200/user-222/_doc?pretty'
The response is as follows:
{
"_index" : "user-222",
"_type" : "_doc",
"_id" : "5EYtMn0B3xA6QmlDD5FA",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 1,
"failed" : 0
},
"_seq_no" : 0,
"_primary_term" : 1
}
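The response contains the document's metadata, where:
- _index: the index name
- _type: the data type
- result: the result of the request
- _shards: the shards
- Add multiple documents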
curl -XPOST localhost:9200/index_name/type_name/_bulk -H "Content-Type: application/x-ndjson" --data-binary @bulk.json
curl -XPOST localhost:9200/user/_bulk?pretty -H "Content-Type: application/x-ndjson" --data-binary @bulk.json
The data set in bulk.json:
{ "index" : { "_index" : "user", "_id" : "1" } }
{ "name" : "es1" }
{ "index" : { "_index" : "user", "_id" : "2" } }
{ "name" : "es2", "age": 2 }
{ "index" : { "_index" : "user", "_id" : "3" } }
{ "name" : "es3", "age": 3 }
- Search data
curl -XGET localhost:9200/user/_search?pretty -H "Content-Type: application/x-ndjson" --data-binary @search.json
The `search.json` file:
{
"query": {
"match_all": { }
},
"sort": [
{
"age": "desc"
}
]
}
The query result is as follows:
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "user",
"_type" : "_doc",
"_id" : "3",
"_score" : null,
"_source" : {
"name" : "es3",
"age" : 3
},
"sort" : [
3
]
},
{
"_index" : "user",
"_type" : "_doc",
"_id" : "2",
"_score" : null,
"_source" : {
"name" : "es2",
"age" : 2
},
"sort" : [
2
]
},
{
"_index" : "user",
"_type" : "_doc",
"_id" : "1",
"_score" : null,
"_source" : {
"name" : "es1"
},
"sort" : [
-9223372036854775808
]
}
]
}
}
When "_source": false is set in the query, only the related fields are returned.
Modify the search.json file:
{
"query": {
"match_all": { }
},
"_source": false,
"sort": [
{
"age": "desc"
}
]
}
The query result is as follows. The documents' fields are not returned, which can speed up some queries.
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "user",
"_type" : "_doc",
"_id" : "3",
"_score" : null,
"sort" : [
3
]
},
{
"_index" : "user",
"_type" : "_doc",
"_id" : "2",
"_score" : null,
"sort" : [
2
]
},
{
"_index" : "user",
"_type" : "_doc",
"_id" : "1",
"_score" : null,
"sort" : [
-9223372036854775808
]
}
]
}
}
Range query:
GET logs-my_app-default/_search
{
"query": {
"range": {
"@timestamp": {
"gte": "2099-05-05",
"lt": "2099-05-08"
}
}
},
"fields": [
"@timestamp"
],
"_source": false,
"sort": [
{
"@timestamp": "desc"
}
]
}
Query result:
{
"took" : 0,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 1,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : ".ds-logs-my_app-default-2021.11.18-000001",
"_type" : "_doc",
"_id" : "5UZdMn0B3xA6QmlDOpF2",
"_score" : null,
"fields" : {
"@timestamp" : [
"2099-05-07T16:24:32.000Z"
]
},
"sort" : [
4081854272000
]
}
]
}
}
- Delete
curl -X DELETE "localhost:9200/_data_stream/logs-my_app-default?pretty"
curl -X DELETE "localhost:9200/user?pretty"