Elasticsearch日志收集
Install pip if necessary
python get-pip.py |
Install Curator for Elasticsearch
Elasticsearch Curator helps you curate, or manage, your Elasticsearch indices and snapshots by:
- Obtaining the full list of indices (or snapshots) from the cluster, as the actionable list
- Iterate through a list of user-defined filters to progressively remove indices (or snapshots) from this actionable list as needed.
- Perform various actions on the items which remain in the actionable list.
pip install elasticsearch-curator pip install click==6.7 |
Configure curator
mkdir -p /var/log/elastic touch /var/log/elastic/curator .log mkdir ~/.curator vi ~/.curator /curator .yml |
# Remember, leave a key empty if there is no value. None will be a string, ## not a Python "NoneType" client: hosts: [Elasticsearch Server IP] port: 9200 url_prefix: use_ssl: False certificate: client_cert: client_key: ssl_no_validate: False http_auth: timeout: 30 master_only: False logging: loglevel: INFO logfile: /var/log/elastic/curator.log logformat: default blacklist: ['elasticsearch', 'urllib3'] |
Have a test, now you can get the indices list
curator_cli show_indices
Create repository
Configure elasticseach.yml default in /etc/elasticsearch/elasticsearch.yml
path.repo: /u01/elasticsearch/backup http.max_header_size: 16kb |
Restart elasticsearch service (service elasticsearch restart) to make the configurations work.
Create repository elasticsearch. Ensure location points to a valid path which is configured in path.repo, accesable from all nodes.
curl -XPUT http: //localhost :9200 /_snapshot/es_backup -H "Content-Type: application/json" -d @repository.json |
{ "type" : "fs" , "settings" : { "compress" : true , "location" : "/u01/elasticsearch/backup" } } |
Have a test
curl -XGET 'localhost:9200/_snapshot/_all?pretty=true' |
Create curator yaml action files
daily_backup.yml
Customize the snapshot name in name option
action 1: backup all indices before today to repository elasticsearch with specified snapshot name
action 2: delete indices older than 185 days
--- actions: 1: action: snapshot description: >- Snapshot selected all indices to repository 'elasticsearch' with the snapshot name options: repository: es_backup name: '<c4cert-{now/d-1d}>' wait_for_completion: True max_wait: 4800 wait_interval: 30 filters: - filtertype: age source : name direction: older unit: days unit_count: 1 timestring: "%Y.%m.%d" 2: action: delete_indices description: >- Delete indices which is older than 185 days filters: - filtertype: age source : name direction: older unit: days unit_count: 185 timestring: "%Y.%m.%d" |
del_snapshot.yml
action 1: Delete snapshots from repository elasticsearch which is older than 185 days
--- actions: 1: action: delete_snapshots description: >- Delete snapshots from repository which is older than 185 days options: repository: es_backup retry_interval: 120 retry_count: 3 filters: - filtertype: age source : creation_date direction: older unit: days unit_count: 185 |
restore.yml
action 1: Restore all indices in the most recent snapshot with state SUCCESS.
--- actions: 1: action: restore description: >- Restore all indices in the most recent snapshot with state SUCCESS. Wait for the restore to complete before continuing. Do not skip the repository filesystem access check. Use the other options to define the index /shard settings for the restore. options: repository: es_backup # If name is blank, the most recent snapshot by age will be selected name: # If indices is blank, all indices in the snapshot will be restored indices: wait_for_completion: True max_wait: 3600 wait_interval: 10 filters: - filtertype: state state: SUCCESS |
Note: use --dry-run option to verify your action without any change. Find the dry run results in log path.
Curator --dry-run daily_backup.yml
Shell script and crontab
#!/bin/sh curator /u01/curator/del_snapshot .yml curator /u01/curator/daily_backup .yml |
crontab -e
Here configured the job run on every 3 AM
0 3 * * * /bin/sh /u01/curator/run .sh |
Restore
Curator restore.yml
Tested OK in CERT env.
Some useful API
# get all repositories curl -XGET 'localhost:9200/_snapshot/_all?pretty=true' # delete repository curl -XDELETE 'localhost:9200/_snapshot/es-snapshot?pretty=true' # show snapshots curator_cli show_snapshots --repository es_backup # show indices curator_cli show_indices |
最新文章
- jQuery 2.0.3 源码分析 样式操作
- 数据流 in redux
- 通过js给android控件WebView设padding
- Onedrive 明年初基础容量缩小到5G,执行这一步骤避免(保持30G)
- 《Qt Quick 4小时入门》学习笔记
- SharePoint 2013 PowerShell命令备份还原报错
- this Activity.this Activity.class
- 生成N个二进制位的组合
- 使用Aspose.Cells 设置chart的y坐标轴显示值
- jsp上传excel文件并导入数据库
- ubuntu 安装 open in teminal
- Light OJ 1021 - Painful Bases(状态压缩DP)
- Appium依据xpath获取控件实例随笔
- GPG error [...] NO_PUBKEY [...]
- OSChina技术导向:Java图表框架JFreeChart
- MVC5模板部署到mono
- 【webpack学习笔记】a04-建立开发环境
- vs2015中SQLSERVER数据库项目引用系统视图
- POJ 3020	-Antenna Placement-二分图匹配
- 1、jeecg 笔记开篇
热门文章
- 从Hive1.0升级到Hive2.0(删除hive1.x中的元数据, 并不是数据迁移)
- 【Linux】七种运行级别
- dubbo之服务分组
- AI:IPPR的数学表示-CNN可视化语义分析
- 【sqli-labs】 less26 GET- Error based -All you SPACES and COMMENTS belong to us(GET型基于错误的去除了空格和注释的注入)
- 备份-泛函编程(23)-泛函数据类型-Monad
- 【转载】浏览器缓存详解:expires cache-control last-modified
- DD打卡
- day002 计算机基础之 操作系统和编程语言的分类
- yum的方式搭建mysql