How to Install Elasticsearch on AlmaLinux 8

Elasticsearch is a highly scalable open-source full-text search and analytics engine. It is generally the underlying engine/technology that powers applications with complex search features and requirements. The software supports RESTful operations that allow you to store, search, and analyze large volumes of data quickly and in near real time. Elasticsearch is well liked and popular among sysadmins and developers because it is a powerful search engine based on the Lucene library.

In this tutorial, you will learn how to install Elasticsearch on AlmaLinux 8.

Prerequisites

  • Recommended OS: AlmaLinux 8.
  • User account: A user account with sudo privileges or root access (su command).

Updating the Operating System

Update your AlmaLinux operating system to make sure all existing packages are up to date:

sudo dnf upgrade --refresh -y

This tutorial uses the sudo command and assumes you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@localhost ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on How to Add a User to Sudoers on AlmaLinux.

To use the root account, use the following command with the root password to log in.

su

Install the CURL Package

The curl command is needed for some parts of this guide. To install this package, type the following command:

sudo dnf install curl -y

Install the Java Package

To successfully install and, more importantly, use Elasticsearch, you need to install Java. The process is relatively easy.

Type the following command to install the OpenJDK package:

sudo dnf install java-11-openjdk-devel

dnf lists the dependencies that will be installed.

Type "Y", then press the "ENTER KEY" to proceed with the installation.

Confirm that Java was installed successfully using the following command:

java -version

Example output:

openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)

Install Elasticsearch

Elasticsearch is not available in the standard AlmaLinux 8 AppStream, so you need to install it from the Elasticsearch RPM repository.

Before adding the repository, import the GPG key with the following command:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

The next step is to create the Elasticsearch repo file as follows:

sudo nano /etc/yum.repos.d/elasticsearch.repo

Once inside the file, add the following lines:

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

To save, press (CTRL+O), then exit with (CTRL+X).

Now install Elasticsearch using the following command:

sudo dnf install elasticsearch

Type "Y", then press the "ENTER KEY" to proceed with the installation.

By default, the Elasticsearch service is disabled on boot and not active. To start the service and enable it on system boot, type the following (systemctl) command:

sudo systemctl enable elasticsearch.service --now

Example output:

Executing: /usr/lib/systemd/systemd-sysv-install enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.

Verify that Elasticsearch is running correctly by using the curl command to send an HTTP request to port 9200 on localhost as follows:

curl -X GET "localhost:9200/"

To view the system messages that Elasticsearch logs on your system, type the following command:

sudo journalctl -u elasticsearch

Example log output:

-- Logs begin at Sat 2021-08-21 01:54:10 EDT, end at Sat 2021-08-21 02:11:00 EDT. --
Aug 21 02:09:17 localhost.localdomain systemd[1]: Starting Elasticsearch...
Aug 21 02:09:43 localhost.localdomain systemd[1]: Started Elasticsearch.

How to Configure Elasticsearch

Elasticsearch data is stored in the default directory (/var/lib/elasticsearch). To view or edit the configuration files, you can find them in the directory (/etc/elasticsearch), and Java start-up options can be configured in the (/etc/default/elasticsearch) configuration file.

The default settings are fine for a single operating server, as Elasticsearch runs on localhost only. However, if you are going to set up a cluster, you will need to modify the configuration file to allow remote connections.

Set Up Remote Access (Optional)

By default, Elasticsearch listens only on localhost. To change this, open the configuration file as follows:

sudo nano /etc/elasticsearch/elasticsearch.yml

Scroll down to line 56 and find the Network section, then uncomment (#) the network.host line and replace its value with either the internal private IP address or the external IP address.

In the example, we uncommented (#) the (network.host) line and changed it to an internal private IP address.

For security purposes, it is ideal to specify addresses; however, if you have multiple internal or external IP addresses hitting the server, change the network interface to listen on all of them by entering (0.0.0.0).

Save the configuration file (CTRL+O), then exit (CTRL+X).

You will need to restart the Elasticsearch service with the following command for the changes to take effect:

sudo systemctl restart elasticsearch
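
A check for the exposure this change can create, added here as an example and not part of the original tutorial: on the 7.x packages installed above, xpack.security.enabled defaults to false, so a non-loopback network.host (or http.host) serves the REST API on port 9200 without authentication. The function names and the sample configuration lines are constructed for illustration, and only flat key: value lines are parsed.

```bash
# Added example: flag an elasticsearch.yml that binds beyond loopback with security off.

# es_setting FILE KEY -> last uncommented value of KEY, comments and quotes stripped
es_setting() {
  awk -v key="$2" -v sq="'" '
    /^[ \t]*#/ { next }                          # commented-out setting
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)                # trailing comment
      n = index(line, ":")                       # first colon, so "::1" survives
      if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub("^[\"" sq "]|[\"" sq "]$", "", v)     # surrounding quotes
      if (k == key) val = v
    }
    END { print val }
  ' "$1"
}

# audit_es_bind FILE -> prints a verdict; returns 1 only for an unauthenticated remote bind
audit_es_bind() {
  es_host=$(es_setting "$1" http.host)           # http.host overrides network.host for HTTP
  [ -n "$es_host" ] || es_host=$(es_setting "$1" network.host)
  es_sec=$(es_setting "$1" xpack.security.enabled)
  case "$es_host" in
    ""|_local_|localhost|127.*|::1)
      echo "OK loopback-only"; return 0 ;;
  esac
  if [ "$es_sec" = "true" ]; then
    echo "OK $es_host with authentication"; return 0
  fi
  echo "RISK $es_host reachable without authentication"
  return 1
}

# Constructed sample: the wildcard bind from this section, security left at the 7.x default.
es_demo=$(mktemp)
printf '%s\n' '#network.host: 192.168.0.1' \
              'network.host: 0.0.0.0   # listen on every interface' \
              'http.port: 9200' > "$es_demo"
audit_es_bind "$es_demo" || true
rm -f "$es_demo"
```

On the server, point it at /etc/elasticsearch/elasticsearch.yml (run it with sudo if your account cannot read that directory).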

How to Use Elasticsearch

Using Elasticsearch with the curl command is a straightforward process. Below are some of the most commonly used commands:

Delete index

In the commands below, the index is named samples.

curl -X DELETE 'http://localhost:9200/samples'

List all indexes

curl -X GET 'http://localhost:9200/_cat/indices?v'

List all docs in index

curl -X GET 'http://localhost:9200/samples/_search'

Query using URL parameters

Here, we use the Lucene query format to write q=school:Harvard.

curl -X GET 'http://localhost:9200/samples/_search?q=school:Harvard'

Query with JSON aka Elasticsearch Query DSL

You can query using parameters on the URL. But you can also use JSON, as shown in the next example. JSON is easier to read and debug when you have a complex query than one giant string of URL parameters.

curl -XGET --header 'Content-Type: application/json' http://localhost:9200/samples/_search -d '{
  "query" : {
    "match" : { "school": "Harvard" }
  }
}'

List index mapping

All Elasticsearch fields are indexes. So this lists all fields and their types in an index.

curl -X GET http://localhost:9200/samples

Add Data

curl -XPUT --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/1 -d '{
  "school" : "Harvard"
}'

Update Doc

Here is how to add fields to an existing document. First, we create a new one. Then we update it.

curl -XPUT --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/2 -d '{
  "school": "Clemson"
}'

curl -XPOST --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/2/_update -d '{
  "doc" : {
    "students": 50000
  }
}'

Backup index

curl -XPOST --header 'Content-Type: application/json' http://localhost:9200/_reindex -d '{
  "source": {
    "index": "samples"
  },
  "dest": {
    "index": "samples_backup"
  }
}'

Bulk load data in JSON format

export pwd="elastic:"

curl --user $pwd  -H 'Content-Type: application/x-ndjson' -XPOST 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/0/_bulk?pretty' --data-binary @<file>

Show cluster health

curl --user $pwd -H 'Content-Type: application/json' -XGET 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/_cluster/health?pretty'

Aggregation and Bucket Aggregation

For an Nginx web server, this produces web hit counts by user city:

curl -XGET --user $pwd --header 'Content-Type: application/json' 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/logstash/_search?pretty' -d '{
  "aggs": {
    "cityName": {
      "terms": {
        "field": "geoip.city_name.keyword",
        "size": 50
      }
    }
  }
}'

This extends that to produce a count of response codes by city from the Nginx web server log:

curl -XGET --user $pwd --header 'Content-Type: application/json' 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/logstash/_search?pretty' -d '{
  "aggs": {
    "city": {
      "terms": {
        "field": "geoip.city_name.keyword"
      },
      "aggs": {
        "responses": {
          "terms": {
            "field": "response"
          }
        }
      }
    },
    "responses": {
      "terms": {
        "field": "response"
      }
    }
  }
}'

Using ElasticSearch with Basic Authentication

If you have turned on security in ElasticSearch, then you need to supply the user and password, as shown below, with every curl command:

curl -X GET 'http://localhost:9200/_cat/indices?v' -u elastic:(password)
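
Typing the password after -u, or exporting it as in the $pwd commands earlier, can leave it in shell history and in the process list. An added example (not from the original tutorial) that reads it from standard input into an owner-only curl config file and passes that file with --config; write_es_curlrc, file_mode, es_curl and ES_CURLRC are names made up here, and the password shown is constructed.

```bash
# Added example: keep the elastic password out of argv and shell history.

# write_es_curlrc PATH USER -> reads the password from stdin, writes a curl config file
write_es_curlrc() {
  IFS= read -r es_pass || [ -n "$es_pass" ] || return 1
  # inside a double-quoted curl config value, backslash and double quote must be escaped
  es_cred=$(printf '%s' "$2:$es_pass" | sed 's/\\/\\\\/g; s/"/\\"/g')
  ( umask 077 && printf 'user = "%s"\n' "$es_cred" > "$1" ) || return 1
  chmod 600 "$1"                      # also tightens a file that already existed
  unset es_pass es_cred
}

# file_mode PATH -> permission string such as -rw-------
file_mode() { ls -ld "$1" | cut -c1-10; }

# es_curl ARGS... -> curl with credentials from $ES_CURLRC, refusing a loosely permissioned file
es_curl() {
  [ "$(file_mode "$ES_CURLRC")" = "-rw-------" ] || {
    echo "refusing: $ES_CURLRC must be mode 600" >&2; return 1; }
  curl --silent --show-error --config "$ES_CURLRC" "$@"
}

# Constructed demo value; in real use feed the password from a prompt or a secret store.
ES_CURLRC=$(mktemp)
printf '%s\n' 'constructed-pa"ss' | write_es_curlrc "$ES_CURLRC" elastic
file_mode "$ES_CURLRC"
# es_curl 'http://localhost:9200/_cat/indices?v'
rm -f "$ES_CURLRC"
```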

Pretty Print

Add ?pretty=true to any search to pretty print the JSON. Like this:

curl -X GET 'http://localhost:9200/(index)/_search?pretty=true'

To query and return only certain fields

To return only certain fields, put them into the _source array:

GET filebeat-7.6.2-2020.05.05-000001/_search
{
  "_source": ["suricata.eve.timestamp","source.geo.region_name","event.created"],
  "query": {
    "match" : { "source.geo.country_iso_code": "GR" }
  }
}

To Query by Date

When the field is of type date, you can use date math, like this:

GET filebeat-7.6.2-2020.05.05-000001/_search
{
  "query": {
    "range" : {
      "event.created": {
        "gte" : "now-7d/d"
      }
    }
  }
}

How to Remove (Uninstall) Elasticsearch

If you no longer require Elasticsearch, you can remove the software using the following command:

sudo dnf autoremove elasticsearch

Type "Y", then press the "ENTER KEY" to proceed with the removal of Elasticsearch.


Comments and Conclusion

You have learned how to install Elasticsearch on AlmaLinux 8 from Elasticsearch's official repository and configure the basics in this tutorial. Overall, ElasticSearch has many popular features; some were mentioned at the start of the tutorial, but others include enabling users to search various fields using a single query. ElasticSearch provides a great level of sharding, which means horizontal scalability, which enhances performance even as the load increases.

For further reading, visit the official documentation page.
