kibana query-string-Syntax
doc
- Filter syntax is based on Lucene
- Elastic documentation
- https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax
- Lucene syntax
- https://lucene.apache.org/core/6_6_0/queryparser/org/apache/lucene/queryparser/classic/package-summary.html
- Guided demo
- https://demo.elastic.co/cookie/index.html#/discover
Filebeat configuration
- https://github.com/elastic/beats - The Beats are lightweight data shippers, written in Go
- logstash-forwarder - THIS PROJECT IS REPLACED BY FILEBEAT (6 years ago, Commits on Nov 13, 2015)
- filebeat - https://www.elastic.co/guide/en/beats/filebeat/current/index.html
- https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html
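Problems
- When logs are inactive, Filebeat closes the connection
- The Filebeat configuration was wrong, so the collection path was incorrect; after fixing the configuration and restarting, the index was created and the logs became visible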
LogStash
- https://github.com/elastic/logstash
- Logstash is part of the Elastic Stack along with Beats, Elasticsearch and Kibana. Logstash is a server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.” (Ours is Elasticsearch, naturally.). Logstash has over 200 plugins, and you can write your own very easily as well.
Configuration
CKafka
keyword
devtools
GET xxx/_mapping
Use this to see the character-count limit on what a keyword field captures