记一次ELK从5.6.10升级到6.7.0

最新推荐文章于 2023-04-11 17:30:17 发布
最新推荐文章于 2023-04-11 17:30:17 发布
阅读量911 收藏 1
点赞数 2
文章标签: ELK 升级 elasticsearch logstash filebeat
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/weixin_43608969/article/details/102687784
版权

记一次ELK从5.6.10升级到6.7.0

由于公司要求,原来的产品使用的是elk5.6.10版本,由于现在已经出到elk7,版本过低,且一些重大漏洞已不再进行维护,所以需要升级处理,就研究了一下elk升级事项。
原定升级升到7,但查看elk对应的spring data elasticsearch只更新到对应elk6.8,升级到7无法使用,所以最终决定升级到6.7.0
目前我使用的架构是filebeat+logstash+elasticsearch,kibana也进行了升级,但由于目前项目未用到,所以没深入研究。

升级顺序

elasticsearch-》logstash-》filebeat
升级最重要的是elasticsearch,因为这里涉及到一个旧索引的问题,所以要先升级elasticsearch,并且elasticsearch官方文档有说6版本是支持低版本的logstash,就是说可以只升级elasticsearch,而不升级logstash,所以这样的升级顺序不会造成中间数据丢失,也不会造成旧索引不能用的问题。

elasticsearch升级

参考官方文档,由5.x升级到6.x是可以直接升级的,但如果从5.x升级到7.x则需要先升级到6,再升级到7才行,这点需要注意。
升级步骤官文中都有,我这里不再多说,只列一下我升级的步骤:

  1. 禁用分片分配
curl -X PUT "localhost:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": "primaries"
  }
}
'
  1. 停止不必要的索引并执行同步刷新
curl -X POST "localhost:9200/_flush/synced?pretty"
  1. 停止所有正在运行的机器学习作业.(我这里没有机器学习作业,所以无需执行)
curl -X POST "localhost:9200/_ml/set_upgrade_mode?enabled=true&pretty"
  1. 停服务(注意非root的要用sudo)
service elasticsearch stop #AS6
systemctl stop elasticsearch.service #AS7
  1. 执行升级包
rpm -Uvh elasticsearch-6.7.0.rpm
  1. 如果有插件,需要将对应的插件升级(我这里有用了ik分词器)
rm -rf ...../elasticsearch/plugins/ik #将安装目录plugins下的内容删除
unzip -o elasticsearch-analysis-ik-6.7.0.zip -d ..../elasticsearch/plugins/ik
  1. 重新启用分片分配(要先重启elasticsearch,要等elasticsearch全部启动完成才能执行)
curl -X PUT "localhost:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": null
  }
}
'
  1. 重新启动机器学习作业
curl -X POST "localhost:9200/_ml/set_upgrade_mode?enabled=false&pretty"

至此,elasticsearch就升级完成了,到这里还比较顺利,旧的索引还能用,但新索引不能生成,因为logstash的动态入库模板还是匹配5.6.10版本时候的。调整的过程很漫长,这里列一下报错:

[2019-10-14T15:29:25,208][DEBUG][o.e.a.b.TransportShardBulkAction] [Centos6x64] [riskip_2019-10-14][2] failed to execute bulk item (index) index {[riskip_2019-10-14][imap][SooryW0BpHApaHjh-P3R]
...
java.lang.IllegalArgumentException: Rejecting mapping update to [riskip_2019-10-14] as the final mapping would have more than 1 type: [imap, pop3]
        at org.elasticsearch.index.mapper.MapperService.internalMerge(MapperService.java:459) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.MapperService.internalMerge(MapperService.java:403) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.MapperService.merge(MapperService.java:338) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.applyRequest(MetaDataMappingService.java:330) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.execute(MetaDataMappingService.java:231) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService.executeTasks(MasterService.java:643) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:270) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService.runTasks(MasterService.java:200) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService$Batcher.run(MasterService.java:135) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:150) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:188) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:681) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:252) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:215) ~[elasticsearch-6.7.0.jar:6.7.0]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_201]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_201]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]

这里是因为elasticsearch6之后去除了对type的支持,所有type都为doc,如果模板中包含_default_选项,入库的时候就会报这个错误,说明有多个type将要入库,所以入库失败。需要在模板中把_default_改为doc

[2019-10-14T15:35:44,523][DEBUG][o.e.a.a.i.t.p.TransportPutIndexTemplateAction] [Centos6x64] failed to put template [mta_tmpl]
org.elasticsearch.index.mapper.MapperParsingException: Failed to parse mapping [properties]: Root mapping definition has unsupported parameters: 
.....
        at org.elasticsearch.index.mapper.MapperService.internalMerge(MapperService.java:399) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.MapperService.merge(MapperService.java:330) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService.validateAndAddTemplate(MetaDataIndexTemplateService.java:253) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService.access$300(MetaDataIndexTemplateService.java:65) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService$2.execute(MetaDataIndexTemplateService.java:176) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:47) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService.executeTasks(MasterService.java:643) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:270) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService.runTasks(MasterService.java:200) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.MasterService$Batcher.run(MasterService.java:135) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:150) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:188) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:681) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:252) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:215) [elasticsearch-6.7.0.jar:6.7.0]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_201]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_201]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]

还是模板问题,要注意,6以后不再支持string类型,而要把所有的string改为text才行。
调整模板的时候可以在kibana中进行,根据返回的报错信息随时调整,会方便一些。

logstash 升级

logstash相对elasticsearch容易一些,没有那么多步骤,只要上面把模板调整好,一般是可以顺利升级的。

  1. 停服务(注意要查看进程是否彻底停掉,可以选择直接kill)
  2. 执行升级包
rpm -Uvh logstash-6.7.0.rpm
  1. 升级对应插件
  2. 重启logstash服务即可

重启后注意观察logstash日志是否有报错异常,要即使根据报错进行修改

filebeat 升级

同上logstash的升级,停服务后执行升级包即可
说几点注意的问题:

  1. 升级完logstash后总是会出现filebeat链接超时关闭连接的情况,不知道是否为必现,建议添加配置:
input {
    beats {
       #添加这句配置,增加超时时间
        client_inactivity_timeout => 1200
        port => "${TCP_PORT:5043}"
    }
}
  1. filebeat升级后,因为更改了索引名称方式(详细的看一下官方文档吧)升级后建索引不成功,会报错:
[2019-10-15T13:48:45,277][DEBUG][o.e.a.b.TransportShardBulkAction] [Centos6x64] [da_2019-10-15][2] failed to execute bulk item (index) index {[da_2019-10-15][doc][Utv2            zW0BViIDd0UUKzBa], 
......
org.elasticsearch.index.mapper.MapperParsingException: failed to parse field [host] of type [text] in document with id 'Utv2zW0BViIDd0UUKzBa'
        at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:303) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:488) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:505) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.DocumentParser.innerParseObject(DocumentParser.java:395) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrNested(DocumentParser.java:384) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.DocumentParser.internalParseDocument(DocumentParser.java:96) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:69) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:281) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:799) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.shard.IndexShard.applyIndexOperation(IndexShard.java:775) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.shard.IndexShard.applyIndexOperationOnPrimary(IndexShard.java:744) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.lambda$executeIndexRequestOnPrimary$3(TransportShardBulkAction.java:454) ~[elasticsearch-6.7.0.jar:6.            7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.executeOnPrimaryWhileHandlingMappingUpdates(TransportShardBulkAction.java:477) ~[elasticsearch-6.7.0.            jar:6.7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.executeIndexRequestOnPrimary(TransportShardBulkAction.java:452) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.executeBulkItemRequest(TransportShardBulkAction.java:216) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.performOnPrimary(TransportShardBulkAction.java:159) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.performOnPrimary(TransportShardBulkAction.java:151) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:139) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:79) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:1050) ~[elasticsearch-            6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:1028) ~[elasticsearch-            6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.ReplicationOperation.execute(ReplicationOperation.java:105) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.runWithPrimaryShardReference(TransportReplicationAction.java:424)             ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.lambda$doRun$0(TransportReplicationAction.java:370) ~[elasticsear            ch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:61) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.shard.IndexShardOperationPermits.acquire(IndexShardOperationPermits.java:273) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.shard.IndexShardOperationPermits.acquire(IndexShardOperationPermits.java:240) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.shard.IndexShard.acquirePrimaryOperationPermit(IndexShard.java:2561) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction.acquirePrimaryOperationPermit(TransportReplicationAction.java:987) [elasticsearch-6.            7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.doRun(TransportReplicationAction.java:369) [elasticsearch-6.7.0.j            ar:6.7.0]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:324            ) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:311            ) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler$1.doRun(SecurityServerTransportInterceptor.java:2            50) [x-pack-security-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.messageReceived(SecurityServerTransportIntercepto            r.java:308) [x-pack-security-6.7.0.jar:6.7.0]
        at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:66) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.transport.TransportService$7.doRun(TransportService.java:686) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:751) [elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.7.0.jar:6.7.0]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_201]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_201]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
Caused by: java.lang.IllegalStateException: Can't get text on a START_OBJECT at 1:595
        at org.elasticsearch.common.xcontent.json.JsonXContentParser.text(JsonXContentParser.java:85) ~[elasticsearch-x-content-6.7.0.jar:6.7.0]
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.textOrNull(AbstractXContentParser.java:269) ~[elasticsearch-x-content-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.TextFieldMapper.parseCreateField(TextFieldMapper.java:828) ~[elasticsearch-6.7.0.jar:6.7.0]
        at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:297) ~[elasticsearch-6.7.0.jar:6.7.0]
        ... 42 more

要么改索引名称方式,要么在logstash.conf配置中增加下面的配置

mutate {
        remove_field => [ "[host]" ]
}
mutate {
      add_field => {
      "host" => "%{[beat][hostname]}"
}

至此,全部重启之后数据能够正常入库并可以正常查询,不过需要注意的是,之前通过type过滤查询结果的查询语句需要修改,因为新的索引中只有doc一种type,但数据中会有“type”:“log”这个字段,可以通过terms限定条件查询

ELK版本升级elasticsearchlogstash、kibana升级)!
资深Bug写手的博客
02-01 3204
一、ELK版本升级elasticsearchlogstash、kibana升级)! 最近网络安全整改,需要对项目中用到的中间件、第三方软件进行版本更新(听运维同学说是更新到最新版本就是最安全的。。。。),这次更新elk日志系统。并且是在没有网络、不丢失当前elk日志系统配置下。我们用的中间件为:elasticsearchlogstash、kibana、kafka、zookeeper。 二、日志系统架构图 我们用的日志管理系统主要由日志收集、消息队列、日志分析、日...
ELK-B 5.x升级6.x
Janloong Do_O
12-21 885
ELK-B 升级Author : Janloong Do_O 5.x 升级6.x 官方文档 备份恢复数据 详细请阅读参考文档 , 本人只在这里做了一些基本的使用,针对的是单机环境 备份数据需要cluster有一个共享的文件系统,在这里需要配置一个repo.pathelasticsearch.yml path.repo: ["/opt/es_backup", "/mount/longterm
升级ELK到最新版本
weixin_34375233的博客
06-21 775
线上ELK运行一段时间了,但是各种小问题不断,logstash经常挂掉,kibana查询缓慢等等,现在决定升级ELK组件到最新版本,看看效果。一 升级ElasticsearchElasticsearch原来的版本是1.7.1Elasticsearch最新版本是2.3.3在升级之前首先查看的就是官方文档关于升级的注意事项1.查看Breaking Changes说明Elasti...
ELK之从6.3.1升级6.6.2
abtmh02622的专栏
03-28 170
  需要把原6.3.1版本升级6.6.2版本   1,官网下载rpm包   2,升级elasticsearch和kibana rpm -U elasticsearch-6.6.2.rpm rpm -U kibana-6.6.2-x86_64.rpm rpm -U logstash-6.6.2.rpm      配置还是使用原配置,新版本配置会在配置文件夹生成一...
ELK6.2升级7.17
gjjhyd的博客
09-29 1230
ELK6.2升级7.17
基于Docker快速搭建ELK6.7.0.zip
12-05
用最简单的方法做复杂的工作:基于Centos7.2+Docker18.03.1-ce快速搭建ELK6.7.0
ElasticStack(ELK)从入门到实践.pdf
06-11
Elastic Stack,原名ELK Stack,是一个用于搜索、分析和可视化日志数据的开源工具套件。它由ElasticsearchLogstash、Kibana和Beats这四个组件组成,分别承担不同功能。 首先,Elasticsearch是一个基于Lucene构建...
ELK从入门到精通.pdf
04-25
ELK技术栈详解】 ...总的来说,ELK堆栈提供了一整套从日志收集、处理到可视化的解决方案,广泛应用于日志分析、监控和大数据处理场景。了解并熟练掌握ELK的各个组件及其配置,对于管理和优化日志系统至关重要。
elk2.3.4 index升级6.0.0
01-22
elk2.3.4 index升级 脚本,elk6.0.0 reindex脚本。升级
ELK技术栈】从01:手把手教你运维ELK-日志管理与数据分析系统全解析
最新发布
06-02
内容概要:本文详细介绍了ELKElasticsearchLogstash、Kibana)这套强大的开源日志管理和分析平台。首先阐述了ELK在数字化时代的重要性及其三个核心组件的功能:Elasticsearch作为分布式搜索和分析引擎,具备高效...
elasticsearch-6.7.0
03-29
ElasticSearch(ES)2019最新版下载。Elasticsearch是个开源分布式搜索引擎,提供搜集、分析、存储数据三大功能。它的特点有:分布式,零配置,自动发现,索引自动分片,索引副本机制,restful风格接口,多数据源,自动搜索负载等。Elasticsearch是一个高度可扩展的开源全文搜索和分析引擎。它允许您快速,近实时地存储,搜索和分析大量数据。它通常用作支持具有复杂搜索功能和需求的应用程序的底层引擎/技术。
ELK 集群升级操作
weixin_30522183的博客
09-27 192
1.配置项变更 2.禁用自动分片 disabled shard allocation curl -XPUT 'localhost:9200/_cluster/settings?pretty' -H 'Content-Type: application/json' -d' { "persistent": { "cluster.routing.allocat...
【Elastic (ELK) Stack 实战教程】10ELK 架构升级-引入消息队列 Redis、Kafka
GG Bond 的博客
04-11 1912
ELK 架构升级-引入消息队列 Redis、kafka
一次ELK5.5.x升级6.0.0的过程
克隆大菠萝的超市
12-09 3685
前言: 1.部署的ELK架构为elasticsearch(以下简称ES)+logstash+kibana+filebeat 2.filebeat部署在需要收集日志的节点上,负责收集日志。接着交由logstashelasticsearch过滤分析,然后传输并集中在kibana系统上进行可视化展示 3.非集群部署none-cluster 1.Eleasticsearch部分:
Elasticsearch 6.x升级7.x 版本Scroll
u013367040的博客
06-02 720
Trying to create too many scroll contexts. Must be less than or equal to: [500] 异常的描述是scroll快照太多,同时存在的context数量超过500导致异常 kibana命令清除 DELETE _search/scroll/_all JAVA逻辑清除 private RestHighLevelClient client; private String scrollId; public RestHighLevelClient
es6升级到es7
qq_23176155的博客
04-28 2634
我们首先查看一下spring data官网,查看spring boot-elasticSearch版本对应关系: Spring Data Elasticsearch - Reference Documentationhttps://docs.spring.io/spring-data/elasticsearch/docs/4.2.0/reference/html/#preface.requirements本次es升级是从6.2升到7.6;Springboot项目,修改spring-boot-starter
编译社区版ElasticSearch5.6.10
starlywang的博客
03-15 650
编译社区版ElasticSearch5.6.101. ES5.6.10社区版git地址2. 编译步骤(1) 搭建Gradle编译环境:ES5.6.10社区版编译依赖Gradle4.7+与JDK8。(2) 项目根目录执行gradle assemble命令(3) 编译成功后打包文件存放的位置3. 本地测试(1) IDEA本地测试(2) 部署集群测试4. IDEA远程调试(1) 启动ES实例:ES根目录...
Elasticsearch 6.x升级7.x 版本的注意事项及填坑
逝去小时的博客
01-08 4201
Elasticsearch5.x 升级 7.x 版本根据部署方式不同存在不同升级方式,目前有两种一、laradock部署的搜索引擎版本升级二、AWS搜索服务升级三、QAQ 各类问题及解决 根据部署方式不同存在不同升级方式,目前有两种 laradock部署的搜索引擎版本升级 AWS的搜索服务版本升级 一、laradock部署的搜索引擎版本升级 升级6.8.13 1.1 elasticsearch/Dockerfile、kibana/Dockerfile 的版本号修改为 6.8.13 1.2 d
ElasticSearch 6.4升级ElasticSearch 7.8
goodsirlee的博客
07-01 2764
背景: 目前ES集群的版本还是6.4,最新的ES版本已经到了7.8了,是时候更新迭代了,先把测试环境下的更新了。 通过官方文档了解到有2种升级方案https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-upgrade.html 1.滚动升级 首先升级6.8再升级7.8,这个好处是不用中断业务,一台一个升级 2.全新集群升级 这个在升级的过程中是会要关闭集群的,对业务有一定的影响 考虑到公司存储的只是普通的业务数据,定期7
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值