Ubuntu中ELK安装和调试的一些要点

前端之家收集整理的这篇文章主要介绍了Ubuntu中ELK安装和调试的一些要点前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

1. Query all records from Elasticsearch

curl -XGET "http://localhost:9200/logstash-*/_search?size=50&pretty"

http://stackoverflow.com/a/38874465/2177408


2. Run logstash

/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf

3. Linux 命令(netstat,ps,kill)

On Linux (Ubuntu derivatives at least)

killall node
is easier than this form.

ps | grep <something>
kill <somepid>
Neither will work if you have a orphaned child holding the port. Instead,do this:

netstat -punta | grep <port>
If the port is being held you'll see something like this:

tcp           0      0.0.0.0:<port>          0.0.0.*       LISTEN     <pid>/<parent>
Now kill by pid:

kill -9 <pid>

http://stackoverflow.com/a/22875192/2177408


4. Delete all data of an index in elasticsearch
curl -XDELETE localhost:9200/index/type/documentID
http://stackoverflow.com/a/22932471/2177408

5. Match IPV4 and IPV6 in COMBINEDAPACHELOGS

%{IPV6:ipv6}:%{IPV4:ipv4}
http://stackoverflow.com/a/40084695/2177408


6. Multiple matches in grok in logstash

input {
  stdin{}
}
filter {
  grok {
    break_on_match => false
    match => [ "message","%{WORD:word1}" ]
    match => [ "message","%{WORD:word2}" ]
    match => [ "message","%{WORD:word3}" ]
  }
}
output {
  stdout { codec => rubydebug }
}



7. Regex for COMBINEDAPACHELOGS

grok {
  match => [ "message","%{IP:client_ip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:apache_timestamp}\] \"%{WORD:method} /%{NOTSPACE:request_page} HTTP/%{NUMBER:http_version}\" %{NUMBER:server_response} " ]
}
http://stackoverflow.com/a/22380896/2177408

8. After updating logstash.conf

rm .sincedb*
curl -XDELETE localhost:9200/logstash-*
sudo /etc/init.d/logstash stop
sudo /etc/init.d/logstash start

猜你在找的Ubuntu相关文章