FreezeJ' Blog

elastic stack延展阅读(持续补充)

2022-04-20

记录遇到的问题和一些相关解决文章

es7.x获取高级授权

各个授权的功能:https://www.elastic.co/cn/subscriptions

elasticsearch.yml配置xpack.license.self_generated.type: basic要去掉

https://www.itca.cc/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/79.html

https://segmentfault.com/a/1190000021193400

DSL介绍

官方文档:https://www.elastic.co/guide/en/elasticsearch/reference/7.14/query-dsl.html#query-dsl

https://www.cnblogs.com/codertl/p/15476417.html

配置邮件告警Watcher

需要高级授权

elasticsearch.yml配置xpack.watcher.enabled: true

https://cloud.tencent.com/developer/article/1798373

腾讯企业邮箱demo:

# 邮箱配置
xpack.notification.email.account:
    mail_account:
        profile: standard
        email_defaults:
            from: xxxxxx@xxxxxx.com
        smtp:
            auth: true
            starttls.enable: true
            starttls.required: true
            host: smtp.exmail.qq.com   # 腾讯企业邮箱
            # port: 465  # 配置这个不成功,提示超时
            port: 587
            user: xxxxxx@xxxxxx.com

使用邮箱客户端密码(不是直接登录的密码,需要邮箱后台获取),添加密码记得切换用户,不然会修改keystore的文件权限,导致es启动失败

sudo -u elasticsearch ./bin/elasticsearch-keystore add xpack.notification.email.account.mail_account.smtp.secure_password

实现告警

需要高级授权

watcher和规则与连接器是两种独立的实现报警的方式,可以参考:https://blog.csdn.net/UbuntuTouch/article/details/118519057

个人感觉规则与连接器这种方式更加灵活,支持的功能更多,也不需要再es的配置文件里面去定义邮箱,可以直接在kibana界面上配置。

邮件报警

邮件报警配置:https://www.elastic.co/guide/en/kibana/7.14/rule-type-es-query.html

简单的模版Demo:

{{#context.hits}}
触发时间: {{_source.@timestamp}}  
项目: {{_source.project}}  
渠道: {{_source.channel}}  
服务id: {{_source.server_id}}  
服务器IP: {{_source.host.public_ip}}  
错误日志内容:  
{{_source.message}} 

-------------------------------------
{{/context.hits}}

Ingest manager 和 Elastic Agent

https://elasticstack.blog.csdn.net/article/details/107330677

https://elasticstack.blog.csdn.net/article/details/107336617

https://blog.csdn.net/u013613428/article/details/107108223

登录认证与角色授权

https://blog.csdn.net/zhoudatianchai/article/details/113045119

https://wiki.eryajf.net/pages/3500.html

es刷新geoip数据库

https://www.cnblogs.com/lsgxeva/p/8133886.html

检索ip:https://www.maxmind.com/en/home

查看集群配置

GET _cluster/settings

设置更新

PUT _cluster/settings
{
    "persistent": {
       "ingest.geoip.downloader.enabled": true
    }
}

elastic apm

https://www.jianshu.com/p/71a684f6285e

使用iframe嵌套面板

kibana.yml配置:

xpack.security.secureCookies: true
xpack.security.sameSiteCookies: "None"

配置匿名登录url:
https://jiapan.me/2020/Kibana-dashboard-auto-authenticating/

使用timelion做同比

timelion用法:

https://blog.csdn.net/qq_16077957/article/details/80023060
https://coralogix.com/blog/advanced-guide-to-kibana-timelion-functions

Demo:

.es(index=filebeat-*).label("当前日志数量统计"),
.es(index=filebeat-*,offset=-1d).label("昨天日志数量统计")

集群配置

https://www.likecs.com/show-84376.html
https://www.cnblogs.com/hellxz/p/11076854.html

集群脑裂问题

https://blog.csdn.net/yangshangwei/article/details/103997630

Tags: ELK