堆栈内存溢出
  简体   繁体   English

ElasticSearch存储/如何存储从Logstash收到的日志?

[英]Where / How ElasticSearch stores logs received from Logstash?

 原文  2016-07-21 13:16:43       elasticsearch/ storage/ elastic-stack

问题描述

Disclaimer: I am very new to ELK Stack, so this question can be very basic. 免责声明:我对ELK Stack 很新 ,所以这个问题可能非常基础。

I am setting up ELK stack now. 我现在正在设置ELK堆栈。 I have below basic questions about ElasticSearch . 我有关于ElasticSearch的 基本问题。

  1. What is the storage model elastic search is following? 弹性搜索的存储模型是什么?

For example Oracle is using relational model ,Alfresco is using "document model" and Apache Jackrabbit is using "hierarchial model" 例如,Oracle使用关系模型,Alfresco使用“文档模型”,Apache Jackrabbit使用“层次模型”

2.Log data stored in elastic search is persistent/permanent ? 2.弹性搜索中存储的日志数据是持久的/永久的 Or ElasticSearch deletes log data after certain period? 或者ElasticSearch在一段时间后删除日志数据?

3.How we will manage/backup this data? 3.我们如何管理/备份这些数据?

4.Log/data files in Elastic Search is human-readable ? 4.弹性搜索中的日志/数据文件是人类可读的吗?

Any help/route to documentation will be appreciated. 任何文档的帮助/路线将不胜感激。

1 个解决方案

解决方案1
 3 已采纳  2016-07-21 13:40:28

  1. the storage model is a Document model. 存储模型是Document模型。 Everything is a document . 一切都是文件 The documents are of a particular type and they are stored in an index . 文档属于特定类型,并存储在索引中
  2. Data send to ES is stored on disk. 发送到ES的数据存储在磁盘上。 It can be then read , searched or deleted through a REST API. 然后可以通过REST API 读取搜索删除它。
  3. The Data is managed through the rest API. 数据通过其余API进行管理。 Usually for log centralisation, the logs are stored in date-based index (one index for today, one for yesterday and so on), so to delete the logs from one day, you delete the relevant index . 通常,对于日志集中,日志存储在基于日期的索引中(今天为一个索引,昨天为一个,依此类推),因此要从一天删除日志,请删除相关索引 Curator can help in this case. 策展人可以在这种情况下提供帮助。 ES offers a backup and restore module . ES提供备份和恢复模块
  4. To access the data in ES, you'll have to use the REST API or use the Kibana client . 要访问ES中的数据,您必须使用REST API或使用Kibana客户端

Documentation: 文档:
https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Elasticsearch中删除旧日志来自Logstash - Deleting old logs in elasticsearch came from logstash 从logstash发送日志到elasticsearch不匹配 - Send logs from logstash to elasticsearch mismatch 日志没有从 logstash 推送到 elasticsearch - logs are not getting pushed to elasticsearch from logstash 如何在两台分离的服务器之间使用Logstash将日志从文件发送到Elasticsearch? - How can I send logs from file to Elasticsearch using Logstash between two separated servers? Elasticsearch 未创建从 Logstash Output 文件接收的索引 - Elasticsearch is not creating an index received from Logstash Output file 从 logstash 发送的日志尚未在 elasticsearch 中编入索引 - logs sent from logstash haven't been indexed in elasticsearch 将logstash日志直接发送到elasticsearch - Sending logstash logs directly to elasticsearch logstash不将日志推送到AWS Elasticsearch - logstash not pushing logs to AWS Elasticsearch Logstash无法将日志放入elasticsearch - Logstash failed to put logs to elasticsearch 通过 Logstash - Grok - ElasticSearch 标记日志 - Tagging the Logs by Logstash - Grok - ElasticSearch
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM