日志中心 基于ES
搭建: Ubuntu 16.04 https://www.elastic.co/downloads/elasticsearch
- 启动ES bin/elasticsearch
- 启动kibana bin/kibana
- 启动tomcat bin/startup.sh
- 启动logstash bin/logstash -f tomcat.conf
启动spring 工程,访问 http://127.0.0.1:9002/index.html
clientip字段(text类型)需要聚合,需要执行 PUT logstash-apacheaccesslog*/_mapping/logs/ { "properties": { "clientip": { "type": "text", "norms": false, "fielddata": true } } }
创建searchlogs索引logs类型,用于记录搜索历史
POST searchlogs/logs/_mapping
{
"logs": {
"properties": {
"message": {
"type": "text",
"norms": false,
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"timestamp": {
"type": "text",
"norms": false,
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"clientip": {
"type": "ip"
},
"city": {
"type": "text",
"norms": false,
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"usetime": {
"type": "short"
}
},
"createDate": {
"type": "date"
}
}
}
因为需要聚合message字段(text类型),需要执行
PUT searchlogs/_mapping/logs/
{
"properties": {
"message": {
"type": "text",
"norms": false,
"fielddata": true
}
}
}