Elasticsearch on 小杨的博客https://luckycloveryh.github.io/fuyou/tags/elasticsearch/Recent content in Elasticsearch on 小杨的博客Hugo -- gohugo.iozh-cn小杨Mon, 06 Apr 2026 18:15:04 +080020 - 日志方案_EFKhttps://luckycloveryh.github.io/fuyou/p/k8s-efk-logging-solution/Mon, 06 Apr 2026 18:15:04 +0800https://luckycloveryh.github.io/fuyou/p/k8s-efk-logging-solution/<img src="https://cdn.jsdelivr.net/gh/luckycloveryh/picgo-bed@main/images/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20260524195222_524_12.jpg" alt="Featured image of post 20 - 日志方案_EFK" /><h2 id="pod-日志收集">Pod 日志收集 </h2><p>应用程序和系统日志可以帮助我们了解集群内部的运行情况,日志对于我们调试问题和监视集群情况也是非常有用的。而且大部分的应用都会有日志记录,对于传统的应用大部分都会写入到本地的日志文件之中。对于容器化应用程序来说则更简单,<strong>只需要将日志信息写入到</strong> <strong>stdout</strong> <strong>和</strong> <strong>stderr</strong> <strong>即可</strong>,容器默认情况下就会把这些日志输出到宿主机上的一个 JSON 文件之中,同样我们也可以通过 docker logs 或者 kubectl logs 来查看到对应的日志信息。</p> <p>但是,通常来说容器引擎或运行时提供的功能不足以记录完整的日志信息,比如,如果容器崩溃了、Pod 被驱逐了或者节点挂掉了,我们仍然也希望访问应用程序的日志。所以,日志应该独立于节点、Pod 或容器的生命周期,这种设计方式被称为 cluster-level-logging,即完全独立于 Kubernetes 系统,需要自己提供单独的日志后端存储、分析和查询工具。</p> <p>Kubernetes 中大多数的 Pod 日志被输出到控制台,在宿主机的文件系统每个Pod会创建一个存放日志的文件夹<code>/var/log/pods/</code>这里会存放所有这个节点运行的Pod的日志,但是这个文件夹下一般都是软连接,由于Kubernetes 底层的 CRI 容器运行时可以使用很多所以日志本身并不存放在这个文件夹,以下为容器运行时真正存放日志目录:</p> <ul> <li>container log: <code>/var/log/containers/*.log</code></li> <li>Pod log:<code>/var/log/pods</code></li> </ul> <h2 id="集群级别日志架构">集群级别日志架构 </h2><ul> <li>使用在每个节点上运行的节点级日志记录代理。</li> <li>在应用程序的 Pod 中,包含专门记录日志的边车(Sidecar)容器。</li> <li>将日志直接从应用程序中推送到日志记录后端。</li> </ul> <h3 id="使用节点级日志代理">使用节点级日志代理 </h3><p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=NDMwODliZGMxZmQxMWM4ZmY0YWUzOTJlNWM0ODE2M2NfbkJ6d25wVnJBc2pqNjRneGk2dFlBaW9EZ2MwcHRMNjNfVG9rZW46QUdNUmJVcHVxb25iZll4TndURmNNTEpjbmNmXzE3NzU0NzA2NTQ6MTc3NTQ3NDI1NF9WNA" loading="lazy" alt="img" ></p> <p>可以通过在每个节点上使用 <strong>节点级的<strong><strong>日志记录</strong></strong>代理</strong> 来实现集群级日志记录。 日志记录代理是一种用于暴露日志或将日志推送到后端的专用工具。 通常,日志记录代理程序是一个容器,它可以访问包含该节点上所有应用程序容器的日志文件的目录。</p> <p>由于日志记录代理必须在每个节点上运行,推荐以 <code>DaemonSet</code> 的形式运行该代理。</p> <p>节点级日志在每个节点上仅创建一个代理,不需要对节点上的应用做修改。</p> <p>容器向标准输出和标准错误输出写出数据,但在格式上并不统一。 节点级代理收集这些日志并将其进行转发以完成汇总。</p> <h3 id="使用边车容器运行日志代理-httpskubernetesiozh-cndocsconceptscluster-administrationloggingsidecar-container-with-logging-agent-sidecar">使用边车容器运行日志代理<a class="link" href="https://kubernetes.io/zh-cn/docs/concepts/cluster-administration/logging/#sidecar-container-with-logging-agent" target="_blank" rel="noopener" > </a> sidecar </h3><p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=MDNjODBjODY5YTY4MzE4MDg3Y2ZhZTU5YTNjN2NhMTBfdVhWZkJkencwQUhOd2JGeGJlWkRJTDlkRFNSOExITlZfVG9rZW46TXRwaWJPaElib21MUWZ4S1I0WGNsYW9HbmNmXzE3NzU0NzA2NTQ6MTc3NTQ3NDI1NF9WNA" loading="lazy" alt="img" ></p> <h3 id="从应用中直接暴露日志目录">从应用中直接暴露日志目录 </h3><p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=ZWIxMjc4YjY0OTZlNGJjNzZjYjkzZjQwOWYxMjEwNjhfMEhZaGNYck83eFoxUDE0OHJvSDdNRmxXb1RWMVpjZmNfVG9rZW46Q3VQWGJGYVdCb2JFbVl4RXdNZGNvT2ZMbmFiXzE3NzU0NzA2NTQ6MTc3NTQ3NDI1NF9WNA" loading="lazy" alt="img" ></p> <h2 id="efk">EFK </h2><p>Yum 仓库</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl">rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> vim /etc/yum.repos.d/elasic.repo </span></span><span class="line"><span class="cl"><span class="o">[</span>elasticsearch<span class="o">]</span> </span></span><span class="line"><span class="cl"><span class="nv">name</span><span class="o">=</span>Elasticsearch repository <span class="k">for</span> 7.x packages </span></span><span class="line"><span class="cl"><span class="nv">baseurl</span><span class="o">=</span>https://artifacts.elastic.co/packages/7.x/yum </span></span><span class="line"><span class="cl"><span class="nv">gpgcheck</span><span class="o">=</span><span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="nv">gpgkey</span><span class="o">=</span>https://artifacts.elastic.co/GPG-KEY-elasticsearch </span></span><span class="line"><span class="cl"><span class="nv">enabled</span><span class="o">=</span><span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="nv">autorefresh</span><span class="o">=</span><span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="nv">type</span><span class="o">=</span>rpm-md </span></span></code></pre></td></tr></table> </div> </div><h3 id="elasticsearch-httpswwwelasticcoguideenelasticsearchreference717rpmhtml"><a class="link" href="https://www.elastic.co/guide/en/elasticsearch/reference/7.17/rpm.html" target="_blank" rel="noopener" >Elasticsearch </a> </h3><p>Elasticsearch 是一个开源的分布式搜索和分析引擎,建立在 Apache Lucene 库之上。它提供了一个高性能、可伸缩和全文搜索能力强大的分布式系统,适用于处理大规模数据集的搜索、分析和近实时数据处理。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl">wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.16-x86_64.rpm </span></span><span class="line"><span class="cl">rpm --install elasticsearch-7.17.16-x86_64.rpm </span></span></code></pre></td></tr></table> </div> </div><p>检查集群状态</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="c1"># 列出节点健康状态</span> </span></span><span class="line"><span class="cl">curl -XGET 127.0.0.1:9200/_cat/health?v </span></span><span class="line"><span class="cl"><span class="c1"># 显示cluster状态</span> </span></span><span class="line"><span class="cl">curl -XGET 127.0.0.1:9200/_cluster/health<span class="se">\?</span>pretty </span></span><span class="line"><span class="cl"><span class="c1"># 列出 master节点</span> </span></span><span class="line"><span class="cl">curl -XGET 127.0.0.1:9200/_cat/master?v </span></span><span class="line"><span class="cl"><span class="c1"># 列出节点及利用率</span> </span></span><span class="line"><span class="cl">curl -XGET 127.0.0.1:9200/_cat/nodes?v </span></span><span class="line"><span class="cl"><span class="c1"># 显示索引 </span> </span></span><span class="line"><span class="cl">curl localhost:9200/_cat/indices?v </span></span></code></pre></td></tr></table> </div> </div><h3 id="kibanahttpswwwelasticcoguideenkibana717rpmhtml"><a class="link" href="https://www.elastic.co/guide/en/kibana/7.17/rpm.html" target="_blank" rel="noopener" >Kibana</a> </h3><p>Kibana是一个开源的数据可视化和分析平台,与Elasticsearch紧密集成。它提供了一个直观的Web界面,让用户能够轻松地探索、分析和可视化存储在Elasticsearch中的数据。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl">wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.16-x86_64.rpm </span></span></code></pre></td></tr></table> </div> </div><h3 id="filebeathttpswwwelasticcoguideenbeatsfilebeat717setup-repositorieshtml"><a class="link" href="https://www.elastic.co/guide/en/beats/filebeat/7.17/setup-repositories.html" target="_blank" rel="noopener" >Filebeat</a> </h3><p>Filebeat是一个轻量级的开源日志数据收集器,由Elasticsearch提供支持。它专门用于收集、解析和发送日志文件和其他结构化数据到Elasticsearch或Logstash等目标系统进行处理和分析。</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-YAML" data-lang="YAML"><span class="line"><span class="cl"><span class="c"># ============================== Filebeat inputs ===============================</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">filebeat.inputs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Each - is an input. Most options can be set at the input level, so</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># you can use different inputs for various configurations.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Below are the input specific configurations.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># filestream is an input for collecting log messages from files.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">filestream</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Unique ID among all inputs, an ID is required.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">my-filestream-id</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Change to true to enable this input configuration.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Paths that should be crawled and fetched. Glob based paths.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">paths</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/var/log/*.log</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c">#- c:\programdata\elasticsearch\logs\*</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># ================================== Outputs ===================================</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Configure what output to use when sending the data collected by the beat.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># ---------------------------- Elasticsearch Output ----------------------------</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">output.elasticsearch</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Array of hosts to connect to.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&#34;localhost:9200&#34;</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Protocol - either `http` (default) or `https`.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c">#protocol: &#34;https&#34;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h2 id="efk-on-kubernetes">EFK on Kubernetes </h2><p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=YTIxMTRiYTFlMjM0ZmIzNTM3ODY4YTU3ZDM0MWYxNzhfb0p0VDQ2Qk5JYXEzampaMlJGd3NVQmVPa2t4dzVhMEZfVG9rZW46Qm5JSWI3b1JHb09EY3V4QWRYMGNSMktvbmdnXzE3NzU0NzA2NTQ6MTc3NTQ3NDI1NF9WNA" loading="lazy" alt="img" ></p> <h3 id="安装-elasticsearch">安装 ElasticSearch </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="c1"># Add the Elastic Helm charts repo</span> </span></span><span class="line"><span class="cl">helm repo add elastic https://helm.elastic.co </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 查询版本 我们使用 7.17.3</span> </span></span><span class="line"><span class="cl"><span class="o">[</span>root@master-01 ~<span class="o">]</span><span class="c1"># helm search repo elastic/elasticsearch -l</span> </span></span><span class="line"><span class="cl">NAME CHART VERSION APP VERSION DESCRIPTION </span></span><span class="line"><span class="cl">elastic/elasticsearch 8.5.1 8.5.1 Official Elastic helm chart <span class="k">for</span> Elasticsearch </span></span><span class="line"><span class="cl">elastic/elasticsearch 7.17.3 7.17.3 Official Elastic helm chart <span class="k">for</span> Elasticsearch </span></span><span class="line"><span class="cl">elastic/elasticsearch 7.17.1 7.17.1 Official Elastic helm chart <span class="k">for</span> Elasticsearch </span></span><span class="line"><span class="cl">elastic/elasticsearch 7.16.3 7.16.3 Official Elastic helm chart <span class="k">for</span> Elasticsearch </span></span><span class="line"><span class="cl">elastic/elasticsearch 7.16.2 7.16.2 Official Elastic helm chart <span class="k">for</span> Elasticsearch </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="o">[</span>root@master-01 ~<span class="o">]</span><span class="c1"># helm pull elastic/elasticsearch --version=7.17.3</span> </span></span></code></pre></td></tr></table> </div> </div><p>修改 values</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"></code></pre></td></tr></table> </div> </div><p>安装</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># helm upgrade --install els -n logging -f elasticsearch/els-values.yaml ./elasticsearch --create-namespace --namespace logging </span> </span></span><span class="line"><span class="cl">NAME: els </span></span><span class="line"><span class="cl">LAST DEPLOYED: Sat Nov <span class="m">18</span> 20:17:57 <span class="m">2023</span> </span></span><span class="line"><span class="cl">NAMESPACE: logging </span></span><span class="line"><span class="cl">STATUS: deployed </span></span><span class="line"><span class="cl">REVISION: <span class="m">1</span> </span></span><span class="line"><span class="cl">NOTES: </span></span><span class="line"><span class="cl">1. Watch all cluster members come up. </span></span><span class="line"><span class="cl"> $ kubectl get pods --namespace<span class="o">=</span>logging -l <span class="nv">app</span><span class="o">=</span>elasticsearch-master -w2. Test cluster health using Helm test. </span></span><span class="line"><span class="cl"> $ helm --namespace<span class="o">=</span>logging <span class="nb">test</span> els </span></span></code></pre></td></tr></table> </div> </div><p>集群验证</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># kubectl get pods --namespace=logging -o wide </span> </span></span><span class="line"><span class="cl">NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES </span></span><span class="line"><span class="cl">elasticsearch-master-0 1/1 Running <span class="m">0</span> 99s 10.244.171.24 worker-01 &lt;none&gt; &lt;none&gt; </span></span><span class="line"><span class="cl">elasticsearch-master-1 1/1 Running <span class="m">0</span> 74s 10.244.184.101 master-01 &lt;none&gt; &lt;none&gt; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># curl 10.244.37.199:9200/_cluster/health?pretty</span> </span></span><span class="line"><span class="cl"><span class="o">{</span><span class="s2">&#34;cluster_name&#34;</span>:<span class="s2">&#34;elasticsearch&#34;</span>,<span class="s2">&#34;status&#34;</span>:<span class="s2">&#34;green&#34;</span>,<span class="s2">&#34;timed_out&#34;</span>:false,<span class="s2">&#34;number_of_nodes&#34;</span>:2,<span class="s2">&#34;number_of_data_nodes&#34;</span>:2,<span class="s2">&#34;active_primary_shards&#34;</span>:1,<span class="s2">&#34;active_shards&#34;</span>:2,<span class="s2">&#34;relocating_shards&#34;</span>:0,<span class="s2">&#34;initializing_shards&#34;</span>:0,<span class="s2">&#34;unassigned_shards&#34;</span>:0,<span class="s2">&#34;delayed_unassigned_shards&#34;</span>:0,<span class="s2">&#34;number_of_pending_tasks&#34;</span>:0,<span class="s2">&#34;number_of_in_flight_fetch&#34;</span>:0,<span class="s2">&#34;task_max_waiting_in_queue_millis&#34;</span>:0,<span class="s2">&#34;active_shards_percent_as_number&#34;</span>:100.0<span class="o">}</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="安装-kibana">安装 Kibana </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># helm search repo elastic/kibana -l</span> </span></span><span class="line"><span class="cl">NAME CHART VERSION APP VERSION DESCRIPTION </span></span><span class="line"><span class="cl">elastic/kibana 8.5.1 8.5.1 Official Elastic helm chart <span class="k">for</span> Kibana </span></span><span class="line"><span class="cl">elastic/kibana 7.17.3 7.17.3 Official Elastic helm chart <span class="k">for</span> Kibana </span></span><span class="line"><span class="cl">elastic/kibana 7.17.1 7.17.1 Official Elastic helm chart <span class="k">for</span> Kibana </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 拉取 chart</span> </span></span><span class="line"><span class="cl">helm pull elastic/kibana --version<span class="o">=</span>7.17.3 </span></span><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># helm -n logging upgrade --install kibana -f kibana/kibana-values.yaml ./kibana</span> </span></span><span class="line"><span class="cl">NAME: kibana </span></span><span class="line"><span class="cl">LAST DEPLOYED: Sat Nov <span class="m">18</span> 20:49:28 <span class="m">2023</span> </span></span><span class="line"><span class="cl">NAMESPACE: logging </span></span><span class="line"><span class="cl">STATUS: deployed </span></span><span class="line"><span class="cl">REVISION: <span class="m">1</span> </span></span><span class="line"><span class="cl">TEST SUITE: None </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 更新</span> </span></span><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># helm -n logging upgrade kibana -f kibana/kibana-values.yaml ./kibana</span> </span></span><span class="line"><span class="cl">Release <span class="s2">&#34;kibana&#34;</span> has been upgraded. Happy Helming! </span></span><span class="line"><span class="cl">NAME: kibana </span></span><span class="line"><span class="cl">LAST DEPLOYED: Sat Nov <span class="m">18</span> 21:14:34 <span class="m">2023</span> </span></span><span class="line"><span class="cl">NAMESPACE: logging </span></span><span class="line"><span class="cl">STATUS: deployed </span></span><span class="line"><span class="cl">REVISION: <span class="m">2</span> </span></span><span class="line"><span class="cl">TEST SUITE: None </span></span></code></pre></td></tr></table> </div> </div><p>修改 Kibana SVC 使用 NodePort</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl">type: NodePort </span></span></code></pre></td></tr></table> </div> </div><h3 id="安装-filebeat">安装 Filebeat </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># helm search repo elastic/filebeat -l</span> </span></span><span class="line"><span class="cl">NAME CHART VERSION APP VERSION DESCRIPTION </span></span><span class="line"><span class="cl">elastic/filebeat 8.5.1 8.5.1 Official Elastic helm chart <span class="k">for</span> Filebeat </span></span><span class="line"><span class="cl">elastic/filebeat 7.17.3 7.17.3 Official Elastic helm chart <span class="k">for</span> Filebeat </span></span><span class="line"><span class="cl">elastic/filebeat 7.17.1 7.17.1 Official Elastic helm chart <span class="k">for</span> Filebeat </span></span><span class="line"><span class="cl">elastic/filebeat 7.16.3 7.16.3 Official Elastic helm chart <span class="k">for</span> Filebeat </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># helm pull elastic/filebeat --version=7.17.3</span> </span></span><span class="line"><span class="cl"><span class="o">[</span>root@master-01 20-log<span class="o">]</span><span class="c1"># helm -n logging install filebeat -f filebeat/filebeat-values-1.yaml ./filebeat</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">NAME: filebeat </span></span><span class="line"><span class="cl">LAST DEPLOYED: Sat Nov <span class="m">18</span> 21:53:15 <span class="m">2023</span> </span></span><span class="line"><span class="cl">NAMESPACE: logging </span></span><span class="line"><span class="cl">STATUS: deployed </span></span><span class="line"><span class="cl">REVISION: <span class="m">1</span> </span></span><span class="line"><span class="cl">TEST SUITE: None </span></span><span class="line"><span class="cl">NOTES: </span></span><span class="line"><span class="cl">1. Watch all containers come up. </span></span><span class="line"><span class="cl"> $ kubectl get pods --namespace<span class="o">=</span>logging -l <span class="nv">app</span><span class="o">=</span>filebeat-filebeat -w </span></span></code></pre></td></tr></table> </div> </div><p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=YjI3YWUxZDJjZDlkMjlhYTQwNGY3OTYyNTAzM2QzYmVfbUR3NExGWmh1TVhnT1puMEo4MGVVRmRudmwycUgyc2ZfVG9rZW46QlJxYWJHdnllb1ZPeEp4WWcwWGNLR1BobnZnXzE3NzU0NzA2NTQ6MTc3NTQ3NDI1NF9WNA" loading="lazy" alt="img" ></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-YAML" data-lang="YAML"><span class="line"><span class="cl"><span class="l">https://artifacthub.io/packages/helm/elastic/elasticsearch</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">https://artifacthub.io/packages/helm/elastic/kibana</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">https://artifacthub.io/packages/helm/fluent/fluentd</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">helm repo add elastic https://helm.elastic.co</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=NTFhMjFhNTBmZjFiZDJjMDIyZGIzYmIwOTZmOTQ5YWJfYzcwR0JaN2hrOTVpcXRLNGdJNmhEb1RYT1VGSHFoUnJfVG9rZW46SVh2ZGI5OTdUb0tCdG54cDdlTmNWQlEzbmhmXzE3NzU0NzA2NTQ6MTc3NTQ3NDI1NF9WNA" loading="lazy" alt="img" ></p> <h2 id="附录">附录: </h2><p>Elasticsearch 基础概念</p> <h3 id="集群-cluster">集群 Cluster </h3><p>Elasticsearch 集群是一组 Elasticsearch 节点的集合。节点根据用途不同会划分出不同的角色,且节点之间相互通信。Elasticsearch集群常用于处理大规模数据集,目的是实现容错和高可用。Elasticsearch 集群需要一个唯一标识的集群名称来防止不必要的节点加入。</p> <h3 id="节点--node">节点 node </h3><p>节点是指一个Elasticsearch实例,更确切地说,它是一个Elasticsearch进程。节点可以部署到物理机或者虚拟机上。每当Elasticsearch启动时,节点就会开始运行。每个节点都有唯一标识的名称,在部署多节点集群环境的时候我们要注意不要写错节点名称。</p> <h3 id="索引--index">索引 index </h3><p>索引是 Elasticsearch 中用于存储和管理相关数据的逻辑容器。<strong>索引可以看作数据库中的一个表</strong>,它包含了一组具有相似结构的文档。在 Elasticsearch 中,数据以JSON格式的文档存储在索引内。每个索引具有唯一的名称,以便在执行搜索、更新和删除操作时进行引用。索引的名称可以由用户自定义,但必须全部小写。</p> <h3 id="分片--shard">分片 shard </h3><p>分片包含索引数据的一个子集,并且其本身具有完整的功能和独立性,可以将分片近似看作“独立索引“,分片是Elasticsearch 分布式存储的基石,是底层的基本读写单元。分片的目的是分割巨大的索引,将数据分散到集群内各处。</p> <p>分片分为主分片和副本分片,一般情况,一个主分片有多个副本分片。主分片负责处理写入请求和存储数据,副本分片只负责存储数据,是主分片的拷贝,文档会存储在具体的某个主分片和副本分片上。</p> <p><img src="https://rcnmegz4pby5.feishu.cn/space/api/box/stream/download/asynccode/?code=NGI3ZWNhYmRkMGU3NTdlY2M0ZGRlM2Y3NWE4MTk4YjZfTGdISnl3bjVqWGR0UVZNYVlUTVA1T3d5emhoWEFWTFdfVG9rZW46QnA0S2I2WE1xbzBHTXp4MlJURWNXSWp0bkJjXzE3NzU0NzA2NTQ6MTc3NTQ3NDI1NF9WNA" loading="lazy" alt="img" ></p> <h3 id="xpack--安全开启-elasticsearch-验证">Xpack 安全,开启 elasticsearch 验证 </h3><p><a class="link" href="https://www.elastic.co/guide/en/elasticsearch/reference/7.16/security-minimal-setup.html" target="_blank" rel="noopener" >https://www.elastic.co/guide/en/elasticsearch/reference/7.16/security-minimal-setup.html</a></p>