ELK 这一套的版本更迭很快,
而且es常有不兼容的东西出现,
经常是搜一篇文章,看似能用,拿到我这边就不能用了。
很是烦恼。
我这边的ELK版本目前是 6.8.18,这次的操作记录一下。
(涉密内容略有删改,一看便知)
es版本信息:
{"name" : "es-client1","cluster_name" : "xt-logs-view","cluster_uuid" : "xxxxxxxxxxxx-UNg","version" : {"number" : "6.8.18","build_flavor" : "default","build_type" : "docker","build_hash" : "aca2329","build_date" : "2021-07-28T16:06:05.232873Z","build_snapshot" : false,"lucene_version" : "7.7.3","minimum_wire_compatibility_version" : "5.6.0","minimum_index_compatibility_version" : "5.0.0"},"tagline" : "You Know, for Search"
}创建一个index,指定字段为date类型
kibana中的命令:
PUT my_index
{"mappings": {"_doc": {"properties": {"createTime": {"type": "date","format": "yyyy-MM-dd HH:mm:ss"},"updateTime": {"type": "date","format": "yyyy-MM-dd HH:mm:ss"}}}}
}
结合java项目中的类型
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class MyIndex implements Serializable {//其他字段略/*** 创建时间*/@Field(type = FieldType.Date,format = DateFormat.custom,pattern = "yyyy-MM-dd HH:mm:ss")@JSONField(format = "yyyy-MM-dd HH:mm:ss")private Date createTime;/*** 更新时间*/@Field(type = FieldType.Date,format = DateFormat.custom,pattern = "yyyy-MM-dd HH:mm:ss")@JSONField(format = "yyyy-MM-dd HH:mm:ss")private Date updateTime;
}
java写入es (springboot)
<dependency><groupId>org.elasticsearch.client</groupId><artifactId>elasticsearch-rest-high-level-client</artifactId><version>6.8.18</version></dependency><dependency><groupId>org.springframework.data</groupId><artifactId>spring-data-elasticsearch</artifactId> <version>3.1.11.RELEASE</version></dependency>
客户端配置
spring:data:elasticsearch:rest:uris: http://172.16.100.1:9200,http://172.16.100.2:9200,http://172.16.100.3:9200
@Data
@Configuration
public class ElasticSearchConfig {@Value("${spring.data.elasticsearch.rest.uris}")private String[] uris;@Beanpublic RestHighLevelClient restHighLevelClient() {//单机版//return new RestHighLevelClient(RestClient.builder(new HttpHost(host, port, "http")));//集群版HttpHost[] httpHosts = Arrays.stream(uris).map(HttpHost::create).toArray(HttpHost[]::new);//集群版RestHighLevelClient client = new RestHighLevelClient(RestClient.builder(httpHosts));return client;}
}
java代码写入es
package cn.xxxxx.service.impl;import com.alibaba.fastjson.JSON;
import lombok.extern.slf4j.Slf4j;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.action.support.replication.ReplicationResponse;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;/*** @author zss* @date 2024年7月16日* @Email:*/
@Slf4j
@Service
public class EsMyIndexServiceImpl implements EsMyIndexService {private static String ES_INDEX_NAME = "my_index";private static String ES_DOC_TYPE = "_doc";@AutowiredRestHighLevelClient restHighLevelClient;@Overridepublic void saveXxxx(MyIndex myIndex) {// 创建索引请求对象IndexRequest indexRequest = new IndexRequest(ES_INDEX_NAME, ES_DOC_TYPE);indexRequest.source(JSON.toJSONString(myIndex), XContentType.JSON);indexRequest.timeout(TimeValue.timeValueSeconds(1));indexRequest.setRefreshPolicy(WriteRequest.RefreshPolicy.WAIT_UNTIL);//数据为存储而不是更新indexRequest.create(false);//indexRequest.id(mqRecord.getId() + "");// 执行增加文档restHighLevelClient.indexAsync(indexRequest, RequestOptions.DEFAULT, new ActionListener<IndexResponse>() {@Overridepublic void onResponse(IndexResponse indexResponse) {ReplicationResponse.ShardInfo shardInfo = indexResponse.getShardInfo();if (shardInfo.getFailed() > 0) {for (ReplicationResponse.ShardInfo.Failure failure : shardInfo.getFailures()) {log.error("mqRecord {} 存入ES时失败,原因为:{}", JSON.toJSONString(mqRecord), failure.getCause());}}}@Overridepublic void onFailure(Exception e) {log.error("mqRecord {} 存入es时异常,数据信息为", JSON.toJSONString(mqRecord), e);}});}}kibana创建索引模式
创建索引模式
创建的索引模式里,终于可以指定某字段为时间字段了,从而可以使用时间范围搜索。
可按时间范围查
