ELK
ELK-related
蓝~天~
Articles in this column
Replacing filebeat with fluent-bit in practice (smartgate, nginx)
td-agent-bit installation
[td-agent-bit]
name = TD Agent Bit
baseurl = https://packages.fluentbit.io/centos/7/$basearch/
gpgcheck=1
gpgkey=https://packages.fluentbit.io/fluentbit.key
enabled=1
yum install td-agent-bit -y
vi /etc/td-agent-bit/td-agent-bit.conf
sudo
Original · 2021-03-03 12:49:50 · 1943 reads · 0 comments
Nginx ingest pipeline for Docker JSON-format logs
PUT _ingest/pipeline/docker-nginx
{ "description": "Pipeline for parsing docker Nginx access logs. ", "processors": [ { "grok": { "field": "log", "patterns": [ "(%{NGINX_HOST} )?\"?(?:%{NGINX_ADDRESS_LIST:nginx.acces
Original · 2021-03-02 11:08:06 · 309 reads · 0 comments
Elasticsearch DSL queries
1. Example command for updating documents that match a condition:
POST test1/_update_by_query
{ "query": { "term": { "phone": "12345678909" } } , "script": { "source": "ctx._source['message'] = 'xuwujing'" }}
2. Example command for deleting documents that match a condition:
POST test/_delete_by_query
{ "query": { "term
Original · 2020-10-21 17:08:48 · 214 reads · 0 comments
Quick Docker-based deployment of elasticsearch_6.8.5 (single node)
1. Download
docker pull elasticsearch:6.8.5
2. Configure elasticsearch.yml
network.host: 192.168.11.191
http.port: 9200
bootstrap.memory_lock: false
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.
Original · 2020-10-13 11:38:16 · 365 reads · 0 comments
Installing elastalert in a Docker environment
1. Download the elastalert image
docker pull anjia0532/elastalert-docker
2. Start docker
#!/bin/bash
docker run -itd --restart=always --name elastalert --network host \
 -v /data/elastalert/rules:/opt/elastalert/rules \
 -v /data/elastalert/elastalert_modules:/opt/elas
Original · 2020-09-29 10:33:40 · 1628 reads · 1 comment
Restricting elastalert alerts to a time window
Restricting elastalert alerts to a time window
https://github.com/0xSeb/elastalert_hour_range
1. Add hour_range_enhancement.py under elastalert_modules
import dateutil.parser
from elastalert.enhancements import BaseEnhancement
from elastalert.enhancements import DropMatchException
class Hou
Original · 2020-09-29 10:21:28 · 1047 reads · 0 comments