How to Install Elasticsearch on Rocky Linux 8

Elasticsearch is a highly scalable open-source full-text search and analytics engine. It supports RESTful operations that let you store, search, and analyze large volumes of data quickly and in near real time. Elasticsearch is well liked and popular among sysadmins and developers because it is a powerful search engine based on the Lucene library. It is generally the underlying engine/technology that powers applications with complex search features and requirements.

In this tutorial, you will learn how to install Elasticsearch on Rocky Linux 8.

Prerequisites

  • Recommended OS: Rocky Linux 8.+.
  • User account: A user account with sudo or root access.
  • Required packages: curl, java

Update Operating System

Update your Rocky Linux operating system to make sure all existing packages are up to date:

sudo dnf upgrade --refresh -y

This tutorial uses the sudo command and assumes you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@rockylinux ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on How to Add a User to Sudoers on Rocky Linux.

To use the root account, use the following command with the root password to log in.

su

Install Curl

curl is needed for some parts of this guide. To install this package, type the following command:

sudo dnf install curl -y

Install Java

To successfully install and, more importantly, use Elasticsearch, you need to install Java. The process is relatively easy.

Type the following command to install the OpenJDK package:

sudo dnf install java-11-openjdk-devel -y

dnf lists the dependencies that will be installed.

Type "Y", then press the "ENTER KEY" to proceed with the installation.

If you prefer the latest Java 16 release, see our guide on How to Install Java 16 (OpenJDK 16) on Rocky Linux 8.

Confirm that Java was installed successfully using the following command:

java -version

Example output:

openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)


Install Elasticsearch

Elasticsearch is not available in the standard Rocky Linux 8 AppStream, so you need to install it from the Elasticsearch RPM repository.

Before adding the repository, import the GPG key with the following command:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

The next step is to create an Elasticsearch repo file as follows:

sudo nano /etc/yum.repos.d/elasticsearch.repo

Once inside the file, add the following lines:

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Save the file (CTRL+O), then exit (CTRL+X).
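
Before installing from the new repository, it is worth confirming that the file really enforces signature checking and HTTPS. The following lint is an added example, not part of the original tutorial; the function name repo_lint is hypothetical, and it treats 1, yes, true and on as the gpgcheck values dnf accepts as enabled.

```sh
#!/bin/sh
# Added example: lint a dnf/yum .repo file before installing from it.
# Prints one finding per line for each enabled section; nothing when clean.
repo_lint() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return   # skip disabled sections
            if (tolower(gpgcheck) !~ /^(1|yes|true|on)$/) print sec ": gpgcheck is off"
            if (gpgkey !~ /^(https|file):/) print sec ": gpgkey missing or not https/file"
            if (baseurl !~ /^https:/) print sec ": baseurl is not https"
        }
        /^[ \t]*[#;]/ { next }                        # comment line
        /^\[/ { report(); sec = $0; enabled = gpgcheck = gpgkey = baseurl = ""; next }
        /=/ {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled  = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey   = val
            if (key == "baseurl")  baseurl  = val
        }
        END { report() }
    ' "$1"
}

# Check the file created in this tutorial when it exists.
repo=/etc/yum.repos.d/elasticsearch.repo
if [ -r "$repo" ]; then repo_lint "$repo"; fi
```

No output for /etc/yum.repos.d/elasticsearch.repo means the stanza above was saved with gpgcheck=1 and HTTPS URLs intact.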

Now install Elasticsearch using the following command:

sudo dnf install elasticsearch

Type "Y", then press the "ENTER KEY" to proceed with the installation.

By default, the Elasticsearch service is disabled on boot and not active. To start the service and enable it on system boot, type the following (systemctl) command:

sudo systemctl enable elasticsearch.service --now

Example output:

Executing: /usr/lib/systemd/systemd-sysv-install enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.

Verify that Elasticsearch is running correctly. You will use the curl command to send an HTTP request to port 9200 on localhost as follows:

curl -X GET "localhost:9200/"

To view the system messages that Elasticsearch logs on your system, type the following command:

sudo journalctl -u elasticsearch

Example log output:

-- Logs begin at Sat 2021-08-21 01:54:10 EDT, end at Sat 2021-08-21 02:11:00 EDT. --
Aug 21 02:09:17 localhost.localdomain systemd[1]: Starting Elasticsearch...
Aug 21 02:09:43 localhost.localdomain systemd[1]: Started Elasticsearch.

How to Configure Elasticsearch

Elasticsearch data is stored in the default directory location (/var/lib/elasticsearch). To view or edit the configuration files, you can find them in the directory location (/etc/elasticsearch), and Java start-up options can be configured in the (/etc/default/elasticsearch) configuration file.

The default settings are fine for a single operating server, as Elasticsearch runs on localhost only. However, if you are going to set up a cluster, you will need to modify the configuration file to allow remote connections.

Set Up Remote Access (Optional)

By default, Elasticsearch listens only on localhost. To change this, open the configuration file as follows:

sudo nano /etc/elasticsearch/elasticsearch.yml

Scroll down to line 56, find the Network section, uncomment (#) the (network.host) line, and replace its value with the internal private IP address or external IP address.

In this example, (network.host) is uncommented and changed to an internal private IP address.

For security purposes, it is ideal to specify addresses; however, if you have multiple internal or external IP addresses hitting the server, change the network interface to listen on all of them by entering (0.0.0.0).

Save the configuration file (CTRL+O), then exit (CTRL+X).

You will need to restart the Elasticsearch service with the following command for the changes to take effect:

sudo systemctl restart elasticsearch
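
Once network.host points at a non-loopback address, anything that can reach port 9200 can use the API unless authentication is enabled. The following check is an added example, not part of the original tutorial: it reads elasticsearch.yml and reports how the HTTP API is exposed. The function names are hypothetical, and it assumes flat "key: value" settings and that security is off unless xpack.security.enabled: true is set, as in a default 7.x install.

```sh
#!/bin/sh
# Added example: report how elasticsearch.yml exposes the HTTP API (port 9200).
# Output is one of: loopback | exposed-auth | exposed-noauth

# yaml_value FILE KEY_REGEX: value of the last uncommented "key: value" line,
# with trailing comments, surrounding spaces and quotes removed.
yaml_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^["'\'']//' -e 's/["'\'']$//'
}

es_exposure() (
    host=$(yaml_value "$1" 'network\.host')
    http=$(yaml_value "$1" 'http\.host')      # overrides network.host for HTTP
    if [ -n "$http" ]; then host=$http; fi
    sec=$(yaml_value "$1" 'xpack\.security\.enabled')
    case "$host" in
        ''|localhost|_local_|127.*|::1)
            echo loopback ;;
        *)  # assumption: security is off unless explicitly enabled (7.x default)
            if [ "$sec" = true ]; then echo exposed-auth; else echo exposed-noauth; fi ;;
    esac
)

# Run against the path used in this tutorial when it is readable (needs root).
conf=/etc/elasticsearch/elasticsearch.yml
if [ -r "$conf" ]; then es_exposure "$conf"; fi
```

An exposed-noauth result means the firewalld source restriction is the only access control in front of the API.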

Configure Firewalld for Elasticsearch

By default, no rules are set up for Elasticsearch, which can cause problems down the track.

First, add a new dedicated zone for the Elasticsearch firewalld policy:

sudo firewall-cmd --permanent --new-zone=elasticsearch

Next, specify the allowed IP address that is permitted to access Elasticsearch.

sudo firewall-cmd --permanent --zone=elasticsearch --add-source=1.2.3.4

Replace 1.2.3.4 with the IP address that will be added to the allow list.

Once you have added the IP address, open the Elasticsearch port.

For example, TCP port 9200.

sudo firewall-cmd --permanent --zone=elasticsearch --add-port=9200/tcp

Note that you can change the default port in your configuration file; if you do, change the port in the firewall rule above to the new value.

After running those commands, reload the firewall to implement the new rules:

sudo firewall-cmd --reload

Example output if successful:

success


How to Use Elasticsearch

Using Elasticsearch with the curl command is a straightforward process. Below are some of the most commonly used operations:

Delete index

Below, the index is named samples.

curl -X DELETE 'http://localhost:9200/samples'

List all indexes

curl -X GET 'http://localhost:9200/_cat/indices?v'

List all docs in index

curl -X GET 'http://localhost:9200/samples/_search'

Query using URL parameters

Here, we use Lucene query format to write q=school:Harvard.

curl -X GET 'http://localhost:9200/samples/_search?q=school:Harvard'

Query with JSON aka Elasticsearch Query DSL

You can query using parameters on the URL. But you can also use JSON, as shown in the next example. JSON is easier to read and debug when you have a complex query than one giant string of URL parameters.

curl -XGET --header 'Content-Type: application/json' http://localhost:9200/samples/_search -d '{
      "query" : {
        "match" : { "school": "Harvard" }
    }
}'

List index mapping

All Elasticsearch fields are indexes. So this lists all fields and their types in an index.

curl -X GET http://localhost:9200/samples

Add Data

curl -XPUT --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/1 -d '{
   "school" : "Harvard"
}'

Update Doc

Here is how to add fields to an existing document. First, we create a new one. Then we update it.

curl -XPUT --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/2 -d '
{
    "school": "Clemson"
}'

curl -XPOST --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/2/_update -d '{
    "doc": {
        "students": 50000
    }
}'

Backup index

curl -XPOST --header 'Content-Type: application/json' http://localhost:9200/_reindex -d '{
  "source": {
    "index": "samples"
  },
  "dest": {
    "index": "samples_backup"
  }
}'

Bulk load data in JSON format

export pwd="elastic:"

curl --user "$pwd" -H 'Content-Type: application/x-ndjson' -XPOST 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/0/_bulk?pretty' --data-binary '@<file>'

Show cluster health

curl --user "$pwd" -H 'Content-Type: application/json' -XGET 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/_cluster/health?pretty'

Aggregation and bucket aggregation

For an Nginx web server, this produces web hit counts by user city:

curl -XGET --user "$pwd" --header 'Content-Type: application/json' 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/logstash/_search?pretty' -d '{
    "aggs": {
        "cityName": {
            "terms": {
                "field": "geoip.city_name.keyword",
                "size": 50
            }
        }
    }
}'

This expands that to a response code count by city in an Nginx web server log:

curl -XGET --user "$pwd" --header 'Content-Type: application/json' 'https://58571402f5464923883e7be42a037917.eu-central-1.aws.cloud.es.io:9243/logstash/_search?pretty' -d '{
    "aggs": {
        "city": {
            "terms": {
                "field": "geoip.city_name.keyword"
            },
            "aggs": {
                "responses": {
                    "terms": {
                        "field": "response"
                    }
                }
            }
        },
        "responses": {
            "terms": {
                "field": "response"
            }
        }
    }
}'

Using ElasticSearch with Basic Authentication

If you have turned on security with ElasticSearch, then you need to supply the user and password, as shown below, with every curl command:

curl -X GET 'http://localhost:9200/_cat/indices?v' -u 'elastic:(password)'

Pretty Print

Add ?pretty=true to any search to pretty print the JSON. Like this:

curl -X GET 'http://localhost:9200/(index)/_search?pretty=true'

Query and return only certain fields

To return only certain fields, put them into the _source array:

GET filebeat-7.6.2-2020.05.05-000001/_search
{
    "_source": ["suricata.eve.timestamp", "source.geo.region_name", "event.created"],
    "query": {
        "match": { "source.geo.country_iso_code": "GR" }
    }
}

Query by date

When the field is of type date, you can use date math, like this:

GET filebeat-7.6.2-2020.05.05-000001/_search
{
    "query": {
        "range": {
            "event.created": {
                "gte": "now-7d/d"
            }
        }
    }
}

Remove Elasticsearch

If you no longer need Elasticsearch, you can remove the software using the following command:

sudo dnf autoremove elasticsearch


Comments and Conclusion

You have learned how to install Elasticsearch on Rocky Linux 8 from Elasticsearch's official repository and configure the basics in this tutorial. Overall, ElasticSearch has many popular features; some were mentioned at the start of the tutorial, but others include enabling users to search various fields using a single query. ElasticSearch provides a great level of sharding, which means horizontal scalability, which enhances performance even with an increase in load.

For further reading, visit the official documentation page.