Metricbeat源码分析

已于 2022-04-24 17:21:23 修改
阅读量826 收藏 3
点赞数 1
分类专栏: Golang ELK 安全 文章标签: elasticsearch 大数据 big data metricbeat beats
于 2022-03-09 14:41:42 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_29113041/article/details/123276834
版权
安全 同时被 3 个专栏收录
5 篇文章 1 订阅
订阅专栏
Golang
2 篇文章 0 订阅
订阅专栏
ELK
2 篇文章 0 订阅
订阅专栏

0X00 版本信息

Golang:1.16.8

Metricbeat:7.14

0X01 Metricbeat介绍

Metricbeat quick start: installation and configuration | Metricbeat Reference [7.14] | Elastichttps://www.elastic.co/guide/en/beats/metricbeat/7.14/metricbeat-installation-configuration.html

Metricbeat 通过从操作系统和服务收集指标来帮助您监控服务器及其托管的服务。

Metricbeat基于libbeat开发,可以收集你想要的指标并发送到ES,然后在kibana展现。

0X02 Metricbeat监控的模块

名称        说明
modulemetricbeat监听各种指标的模块
metricset module中能监听到的具体指标数据集,例如system module就会包含cpu disk mem等数据集 

metricbeat.yml中定义了要监控的性能指标,默认如下:

在modules.d文件夹中,默认只有system.yml是以yml为后缀的文件,其他的文件默认加了disable后缀,不会被识别。

关于module的多层级映射关系如下:

metricbeat.yml指定加载哪些module的yml文件 --> modules.d中定义module的yml配置文件,包括module名称、采集时间间隔、metricsets --> module中定义采集数据的具体数据

0X03 输出

metribeat输出的event:

Event structure | Metricbeat Reference [7.14] | Elastichttps://www.elastic.co/guide/en/beats/metricbeat/7.14/metricbeat-event-structure.htmlmetricbeat输出的错误event:

https://www.elastic.co/guide/en/beats/metricbeat/7.14/error-event-structure.htmlhttps://www.elastic.co/guide/en/beats/metricbeat/7.14/error-event-structure.htmlprocesser:

在将事件发送到输出之前,对事件进行进一步处理

Filter and enhance data with processors | Metricbeat Reference [7.14] | Elastichttps://www.elastic.co/guide/en/beats/metricbeat/7.14/filtering-and-enhancing-data.html

0X04 源码分析

【Elastic Stack系列】第四章:源码分析(二) Metricbeat篇 – Twocups版权声明:本文为博主原创文章,转载请注明出处:https://twocups.cn/index.php/202 […]https://twocups.cn/index.php/2021/03/15/33/

 该文章只讲了metricbeat主流程,还有一些细枝末节没有涉及到,我在此处补充一下所看到的细枝末节源码。

1.Runner的实现方式

metricbeat使用Runner的概念来并行运行各个module,在metricbeat.go的Run函数中运行了N个Runner,调用Runner.Start方法:

	for _, r := range bt.runners {
		r.Start()
		wg.Add(1)

		thatRunner := r
		go func() {
			defer wg.Done()
			<-bt.done
			thatRunner.Stop()
		}()
	}

Runner interface:

type Runner interface {
	// fmt.Stringer is required here because when used as a cfgfile.Runner
	// we need a way to print a threadsafe set of fields since it will likely
	// be printed from a concurrent goroutine.
	fmt.Stringer

	// Start starts the Module. If Start is called more than once, only the
	// first will start the Module.
	Start()

	// Stop stops the Module and waits for module's MetricSets to exit. The
	// publisher.Client will be closed by Stop. If Stop is called more than
	// once, only the first stop the Module and wait for it to exit.
	Stop()
}

interface定义了Start()方法和Stop()方法,看一下具体实现:

func (mr *runner) Start() {
    // 使用sync.once控制被执行函数只能被调用一次
	mr.startOnce.Do(func() {
		output := mr.mod.Start(mr.done)
		mr.wg.Add(1)
		moduleList.Add(mr.mod.Name())
		go func() {
			defer mr.wg.Done()
			PublishChannels(mr.client, output)
		}()
	})
}

func (mr *runner) Stop() {
	mr.stopOnce.Do(func() {
		close(mr.done)
		mr.client.Close()
		mr.wg.Wait()
		moduleList.Remove(mr.mod.Name())
	})
}

2. moduleList

在Runner Start()和Stop()里面可以看到Runner启停执行的操作,里面有一个moduleList很扎眼,下面来看看moduleList具体是干嘛的,首先看看module的定义(metricbeat/mb/module/runner.go):

var (
	moduleList *monitoring.UniqueList
)

func init() {
	moduleList = monitoring.NewUniqueList()
	monitoring.NewFunc(monitoring.GetNamespace("state").GetRegistry(), "module", moduleList.Report, monitoring.Report)
}

进一步查看*monitoring.UniqueList(libbeat/monitoring/list.go):

package monitoring

import (
	"sync"
)

// UniqueList is used to collect a list of items (strings) and get the total count and all unique strings.
type UniqueList struct {
	sync.Mutex
	list map[string]int
}

// NewUniqueList create a new UniqueList
func NewUniqueList() *UniqueList {
	return &UniqueList{
		list: map[string]int{},
	}
}

// Add adds an item to the list and increases the count for it.
func (l *UniqueList) Add(item string) {
	l.Lock()
	defer l.Unlock()
	l.list[item]++
}

// Remove removes and item for the list and decreases the count.
func (l *UniqueList) Remove(item string) {
	l.Lock()
	defer l.Unlock()
	l.list[item]--
}

// Report can be used as reporting function for monitoring.
// It reports a total count value and a names array with all the items.
func (l *UniqueList) Report(m Mode, V Visitor) {
	V.OnRegistryStart()
	defer V.OnRegistryFinished()

	var items []string
	var count int64

	l.Lock()
	defer l.Unlock()

	for key, val := range l.list {
		if val > 0 {
			items = append(items, key)
		}
		count += int64(val)
	}

	ReportInt(V, "count", count)
	ReportStringSlice(V, "names", items)
}

可以看到moduleList就是一个UniqueList的实例,该struct包含了一个map[string]int和一个锁,Add就是把map[string]的计数+1,Remove就是把map[string]的计数-1。

3.Runner的动态加载实现:RunnerList(libbeat/cfgfile/list.go)

package cfgfile

import (
	"sync"

	"github.com/joeshaw/multierror"
	"github.com/mitchellh/hashstructure"
	"github.com/pkg/errors"

	"github.com/elastic/beats/v7/libbeat/beat"
	"github.com/elastic/beats/v7/libbeat/common"
	"github.com/elastic/beats/v7/libbeat/common/reload"
	"github.com/elastic/beats/v7/libbeat/logp"
	"github.com/elastic/beats/v7/libbeat/publisher/pipetool"
)

// RunnerList implements a reloadable.List of Runners
type RunnerList struct {
	runners  map[uint64]Runner
	mutex    sync.RWMutex
	factory  RunnerFactory
	pipeline beat.PipelineConnector
	logger   *logp.Logger
}

// NewRunnerList builds and returns a RunnerList
func NewRunnerList(name string, factory RunnerFactory, pipeline beat.PipelineConnector) *RunnerList {
	return &RunnerList{
		runners:  map[uint64]Runner{},
		factory:  factory,
		pipeline: pipeline,
		logger:   logp.NewLogger(name),
	}
}

// Reload the list of runners to match the given state
func (r *RunnerList) Reload(configs []*reload.ConfigWithMeta) error {
	r.mutex.Lock()
	defer r.mutex.Unlock()

	var errs multierror.Errors

	startList := map[uint64]*reload.ConfigWithMeta{}
	stopList := r.copyRunnerList()

	r.logger.Debugf("Starting reload procedure, current runners: %d", len(stopList))

	// diff current & desired state, create action lists
	for _, config := range configs {
		hash, err := HashConfig(config.Config)
		if err != nil {
			r.logger.Errorf("Unable to hash given config: %s", err)
			errs = append(errs, errors.Wrap(err, "Unable to hash given config"))
			continue
		}

		if _, ok := r.runners[hash]; ok {
			delete(stopList, hash)
		} else {
			startList[hash] = config
		}
	}

	r.logger.Debugf("Start list: %d, Stop list: %d", len(startList), len(stopList))

	// Stop removed runners
	for hash, runner := range stopList {
		r.logger.Debugf("Stopping runner: %s", runner)
		delete(r.runners, hash)
		go runner.Stop()
		moduleStops.Add(1)
	}

	// Start new runners
	for hash, config := range startList {
		runner, err := createRunner(r.factory, r.pipeline, config)
		if err != nil {
			if _, ok := err.(*common.ErrInputNotFinished); ok {
				// error is related to state, we should not log at error level
				r.logger.Debugf("Error creating runner from config: %s", err)
			} else {
				r.logger.Errorf("Error creating runner from config: %s", err)
			}
			errs = append(errs, errors.Wrap(err, "Error creating runner from config"))
			continue
		}

		r.logger.Debugf("Starting runner: %s", runner)
		r.runners[hash] = runner
		runner.Start()
		moduleStarts.Add(1)
	}

	// NOTE: This metric tracks the number of modules in the list. The true
	// number of modules in the running state may differ because modules can
	// stop on their own (i.e. on errors) and also when this stops a module
	// above it is done asynchronously.
	moduleRunning.Set(int64(len(r.runners)))

	return errs.Err()
}

// Stop all runners
func (r *RunnerList) Stop() {
	r.mutex.Lock()
	defer r.mutex.Unlock()

	if len(r.runners) == 0 {
		return
	}

	r.logger.Infof("Stopping %v runners ...", len(r.runners))

	wg := sync.WaitGroup{}
	for hash, runner := range r.copyRunnerList() {
		wg.Add(1)

		delete(r.runners, hash)

		// Stop modules in parallel
		go func(h uint64, run Runner) {
			defer wg.Done()
			r.logger.Debugf("Stopping runner: %s", run)
			run.Stop()
			r.logger.Debugf("Stopped runner: %s", run)
		}(hash, runner)
	}

	wg.Wait()
}

// Has returns true if a runner with the given hash is running
func (r *RunnerList) Has(hash uint64) bool {
	r.mutex.RLock()
	defer r.mutex.RUnlock()
	_, ok := r.runners[hash]
	return ok
}

// HashConfig hashes a given common.Config
func HashConfig(c *common.Config) (uint64, error) {
	var config map[string]interface{}
	if err := c.Unpack(&config); err != nil {
		return 0, err
	}
	return hashstructure.Hash(config, nil)
}

func (r *RunnerList) copyRunnerList() map[uint64]Runner {
	list := make(map[uint64]Runner, len(r.runners))
	for k, v := range r.runners {
		list[k] = v
	}
	return list
}

func createRunner(factory RunnerFactory, pipeline beat.PipelineConnector, config *reload.ConfigWithMeta) (Runner, error) {
	// Pass a copy of the config to the factory, this way if the factory modifies it,
	// that doesn't affect the hash of the original one.
	c, _ := common.NewConfigFrom(config.Config)
	return factory.Create(pipetool.WithDynamicFields(pipeline, config.Meta), c)
}

0X05 创建自己的module

Metricbeat提供了丰富的命令行功能,进入到metricbeat目录下然后执行mage -l,查看支持的命令·列表:

 使用mage createMetricset命令可以创建自己的module。

0X06 libbeat流程分析

1.libbeat设计了通用的beat运行方案,beat进程的入口为main.go,例如 libbeat/main.go;metricbeat/main.go:

package main

import (
	"os"

	"github.com/elastic/beats/v7/metricbeat/cmd"
)

func main() {
	if err := cmd.RootCmd.Execute(); err != nil {
		os.Exit(1)
	}
}

2.libbeat定义了所有beat进程的命令行功能,参考libbeat/cmd/root.go:

package cmd

import (
	"flag"
	"fmt"
	"os"
	"strings"

	"github.com/spf13/cobra"

	"github.com/elastic/beats/v7/libbeat/beat"
	"github.com/elastic/beats/v7/libbeat/cfgfile"
	"github.com/elastic/beats/v7/libbeat/cmd/instance"
	"github.com/elastic/beats/v7/libbeat/cmd/platformcheck"
	"github.com/elastic/beats/v7/libbeat/licenser"
	"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch"
)

func init() {
	// backwards compatibility workaround, convert -flags to --flags:
	for i, arg := range os.Args[1:] {
		if strings.HasPrefix(arg, "-") && !strings.HasPrefix(arg, "--") && len(arg) > 2 {
			os.Args[1+i] = "-" + arg
		}
	}
}

// BeatsRootCmd handles all application command line interface, parses user
// flags and runs subcommands
type BeatsRootCmd struct {
	cobra.Command
	RunCmd        *cobra.Command
	SetupCmd      *cobra.Command
	VersionCmd    *cobra.Command
	CompletionCmd *cobra.Command
	ExportCmd     *cobra.Command
	TestCmd       *cobra.Command
	KeystoreCmd   *cobra.Command
}

// GenRootCmdWithSettings returns the root command to use for your beat. It take the
// run command, which will be called if no args are given (for backwards compatibility),
// and beat settings
func GenRootCmdWithSettings(beatCreator beat.Creator, settings instance.Settings) *BeatsRootCmd {
	// Add global Elasticsearch license endpoint check.
	// Check we are actually talking with Elasticsearch, to ensure that used features actually exist.
	elasticsearch.RegisterGlobalCallback(licenser.FetchAndVerify)

	if err := platformcheck.CheckNativePlatformCompat(); err != nil {
		fmt.Fprintf(os.Stderr, "Failed to initialize: %v\n", err)
		os.Exit(1)
	}

	if settings.IndexPrefix == "" {
		settings.IndexPrefix = settings.Name
	}

	rootCmd := &BeatsRootCmd{}
	rootCmd.Use = settings.Name

	// Due to a dependence upon the beat name, the default config file path
	err := cfgfile.ChangeDefaultCfgfileFlag(settings.Name)
	if err != nil {
		panic(fmt.Errorf("failed to set default config file path: %v", err))
	}

	// must be updated prior to CLI flag handling.

	rootCmd.RunCmd = genRunCmd(settings, beatCreator)
	rootCmd.ExportCmd = genExportCmd(settings)
	rootCmd.TestCmd = genTestCmd(settings, beatCreator)
	rootCmd.SetupCmd = genSetupCmd(settings, beatCreator)
	rootCmd.KeystoreCmd = genKeystoreCmd(settings)
	rootCmd.VersionCmd = GenVersionCmd(settings)
	rootCmd.CompletionCmd = genCompletionCmd(settings, rootCmd)

	// Root command is an alias for run
	rootCmd.Run = rootCmd.RunCmd.Run

	// Persistent flags, common across all subcommands
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("E"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("c"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("d"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("v"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("e"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("environment"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.config"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.data"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.logs"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.home"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("system.hostfs"))
	rootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("strict.perms"))
	if f := flag.CommandLine.Lookup("plugin"); f != nil {
		rootCmd.PersistentFlags().AddGoFlag(f)
	}

	// Inherit root flags from run command
	// TODO deprecate when root command no longer executes run (7.0)
	rootCmd.Flags().AddFlagSet(rootCmd.RunCmd.Flags())

	// Register subcommands common to all beats
	rootCmd.AddCommand(rootCmd.RunCmd)
	rootCmd.AddCommand(rootCmd.SetupCmd)
	rootCmd.AddCommand(rootCmd.VersionCmd)
	rootCmd.AddCommand(rootCmd.CompletionCmd)
	rootCmd.AddCommand(rootCmd.ExportCmd)
	rootCmd.AddCommand(rootCmd.TestCmd)
	rootCmd.AddCommand(rootCmd.KeystoreCmd)

	return rootCmd
}

可以看到此处的GenRootCmdWithSettings函数,生成了rooCmd包含的所有的命令,包括RunCmd,SetupCmd等等。咱们主要来看这一行:

rootCmd.RunCmd = genRunCmd(settings, beatCreator)

3.该行生成了beat默认运行的cmd,咱们看看genRunCmd具体干了什么:libbeat/cmd/run.go:

package cmd

import (
	"flag"
	"os"

	"github.com/spf13/cobra"

	"github.com/elastic/beats/v7/libbeat/beat"
	"github.com/elastic/beats/v7/libbeat/cmd/instance"
)

func genRunCmd(settings instance.Settings, beatCreator beat.Creator) *cobra.Command {
	name := settings.Name
	runCmd := cobra.Command{
		Use:   "run",
		Short: "Run " + name,
		Run: func(cmd *cobra.Command, args []string) {
			err := instance.Run(settings, beatCreator)
			if err != nil {
				os.Exit(1)
			}
		},
	}

	// Run subcommand flags, only available to *beat run
	runCmd.Flags().AddGoFlag(flag.CommandLine.Lookup("N"))
	runCmd.Flags().AddGoFlag(flag.CommandLine.Lookup("httpprof"))
	runCmd.Flags().AddGoFlag(flag.CommandLine.Lookup("cpuprofile"))
	runCmd.Flags().AddGoFlag(flag.CommandLine.Lookup("memprofile"))

	if settings.RunFlags != nil {
		runCmd.Flags().AddFlagSet(settings.RunFlags)
	}

	return &runCmd
}

可以看到此处使用cobra.command定义了run命令执行的具体函数,即:

 4.咱们接着看instance.Run函数干了啥,libbeat/cmd/instance/beat.go:

func Run(settings Settings, bt beat.Creator) error {
	err := setUmaskWithSettings(settings)
	if err != nil && err != errNotImplemented {
		return errw.Wrap(err, "could not set umask")
	}

	name := settings.Name
	idxPrefix := settings.IndexPrefix
	version := settings.Version
	elasticLicensed := settings.ElasticLicensed

	return handleError(func() error {
		defer func() {
			if r := recover(); r != nil {
				logp.NewLogger(name).Fatalw("Failed due to panic.",
					"panic", r, zap.Stack("stack"))
			}
		}()
		b, err := NewBeat(name, idxPrefix, version, elasticLicensed)
		if err != nil {
			return err
		}

		// Add basic info
		registry := monitoring.GetNamespace("info").GetRegistry()
		monitoring.NewString(registry, "version").Set(b.Info.Version)
		monitoring.NewString(registry, "beat").Set(b.Info.Beat)
		monitoring.NewString(registry, "name").Set(b.Info.Name)
		monitoring.NewString(registry, "hostname").Set(b.Info.Hostname)

		// Add additional info to state registry. This is also reported to monitoring
		stateRegistry := monitoring.GetNamespace("state").GetRegistry()
		serviceRegistry := stateRegistry.NewRegistry("service")
		monitoring.NewString(serviceRegistry, "version").Set(b.Info.Version)
		monitoring.NewString(serviceRegistry, "name").Set(b.Info.Beat)
		beatRegistry := stateRegistry.NewRegistry("beat")
		monitoring.NewString(beatRegistry, "name").Set(b.Info.Name)
		monitoring.NewFunc(stateRegistry, "host", host.ReportInfo, monitoring.Report)

		return b.launch(settings, bt)
	}())
}

这块代码加载了basic info和什么registry,没仔细看,重点在最后一行:

b.launch(settings, bt)

那继续看这个launch函数,也在libbeat/cmd/instance/beat.go中:

func (b *Beat) launch(settings Settings, bt beat.Creator) error {
	defer logp.Sync()
	defer logp.Info("%s stopped.", b.Info.Beat)

	err := b.InitWithSettings(settings)
	if err != nil {
		return err
	}
	defer func() {
		if err := b.processing.Close(); err != nil {
			logp.Warn("Failed to close global processing: %v", err)
		}
	}()

	// Windows: Mark service as stopped.
	// After this is run, a Beat service is considered by the OS to be stopped
	// and another instance of the process can be started.
	// This must be the first deferred cleanup task (last to execute).
	defer svc.NotifyTermination()

	// Try to acquire exclusive lock on data path to prevent another beat instance
	// sharing same data path.
	bl := newLocker(b)
	err = bl.lock()
	if err != nil {
		return err
	}
	defer bl.unlock()

	// Set Beat ID in registry vars, in case it was loaded from meta file
	infoRegistry := monitoring.GetNamespace("info").GetRegistry()
	monitoring.NewString(infoRegistry, "uuid").Set(b.Info.ID.String())

	serviceRegistry := monitoring.GetNamespace("state").GetRegistry().GetRegistry("service")
	monitoring.NewString(serviceRegistry, "id").Set(b.Info.ID.String())

	svc.BeforeRun()
	defer svc.Cleanup()

	// Start the API Server before the Seccomp lock down, we do this so we can create the unix socket
	// set the appropriate permission on the unix domain file without having to whitelist anything
	// that would be set at runtime.
	if b.Config.HTTP.Enabled() {
		s, err := api.NewWithDefaultRoutes(logp.NewLogger(""), b.Config.HTTP, monitoring.GetNamespace)
		if err != nil {
			return errw.Wrap(err, "could not start the HTTP server for the API")
		}
		s.Start()
		defer s.Stop()
	}

	if err = seccomp.LoadFilter(b.Config.Seccomp); err != nil {
		return err
	}

	beater, err := b.createBeater(bt)
	if err != nil {
		return err
	}

	r, err := b.setupMonitoring(settings)
	if err != nil {
		return err
	}
	if r != nil {
		defer r.Stop()
	}

	if b.Config.MetricLogging == nil || b.Config.MetricLogging.Enabled() {
		reporter, err := log.MakeReporter(b.Info, b.Config.MetricLogging)
		if err != nil {
			return err
		}
		defer reporter.Stop()
	}

	ctx, cancel := context.WithCancel(context.Background())
	var stopBeat = func() {
		b.Instrumentation.Tracer().Close()
		beater.Stop()
	}
	svc.HandleSignals(stopBeat, cancel)

	err = b.loadDashboards(ctx, false)
	if err != nil {
		return err
	}

	logp.Info("%s start running.", b.Info.Beat)

	// Launch config manager
	b.Manager.Start(beater.Stop)
	defer b.Manager.Stop()

	return beater.Run(&b.Beat)
}

中间执行了很多了操作,例如给数据加锁,防止其他beat使用等等,最后一块是重点:

在这里启动了beat的config manager,最后调用了beater.Run,这个Run也就是libbeat/beta/beat.go中定义的:

type Beater interface {
	// The main event loop. This method should block until signalled to stop by an
	// invocation of the Stop() method.
	Run(b *Beat) error

	// Stop is invoked to signal that the Run method should finish its execution.
	// It will be invoked at most once.
	Stop()
}

 至此,从main.go的入口到最后调用实际beat的Run()函数的整个流程就跑通了

ButFlyzzZ
关注
  • 1
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Metricbeat手动加载引擎模板实践,间接采集数据到ES(metricbeat->logstash->es和kafka)
qq_46565258的博客
07-21 414
Metricbeat可以采集指标和统计数据并传输到指定的输出,如Elasticsearch或Logstash。 一般需要将数据输出到ES然后通过Kibana做可视化数据展示,但我有一个需求是对采集的数据进行流式分析,流程是metricbeat->logstash->es和kafka。将采集到的数据传输到Logstash中,再通过logstash做分流传输,采集到es做可视化,采集到kafka做流式数据分析。由于metricbeat本身只支持一个输出,所有它无法完成上述需求,只能通过Logstas
ELK日志分析监控平台
热门推荐
派大星的不眠博客
02-21 1万+
日志对于分析系统、应用的状态十分重要,但一般日志的量会比较大,并且比较分散。 如果管理的服务器或者程序比较少的情况我们还可以逐一登录到各个服务器去查看、分析。但如果服务器或者程序的数量比较多了之后这种方法就显得力不从心。基于此,一些集中式的日志系统也就应用而生。目前比较有名成熟的有,Splunk(商业)、FaceBook 的Scribe、Apache的Chukwa Cloudera的Fluentd、还有ELK等等。
ELK下kibana安装Metricbeat工具_kibana metricbeat(1)
2401_84715732的博客
05-15 383
uptime。
ELK+filebeat+metricbeat+heartbeat+auditbeat安装配置及汉化_filebeat heartbeat
2401_84265802的博客
04-17 631
其次,队列在称为检查点文件的单独文件中记录有关其自身的详细信息(页面,确认等)。这些内存中队列的大小是固定的,不可配置。为了防止异常终止期间的数据丢失,Logstash具有持久队列功能,该功能将消息队列存储在磁盘上。处理队列中的事件时,只有在过滤器和输出完成后,Logstash才会在队列中确认已完成的事件。如果在事件发生时重新启动Logstash,Logstash将尝试传递存储在持久队列中的消息,直到传递成功至少一次。当队列已满时,Logstash会对输入施加压力,以阻止流入Logstash的数据。
HDFS写流程源码分析(一)-客户端
qq_44753451的博客
06-23 1309
环境为hadoop 3.1.3。
全文检索服务_Elastic Stack
LiLi的博客
11-19 3051
集中化日志平台Elastic Stack 一、Elastic Stack概念 1 Elastic Stack介绍 日志在项目中起到了性能监控、异常定位、数据分析等非常重要的作用。虽然主流工具如Tomcat,Nginx等都会生成日志文件。但在分布式架构中,不同的服务部署在不同的服务器上,这样就产生了日志量大,数据分散,搜索不方便等问题。于是我们需要搭建集中式日志平台,将所有节点上的日志进行统一管理,让日志数据最大限度的发挥作用。 Elastic公司提供了一整套搭建集中式日志平台的解决方案。最开始由Elasti
ELK+Kafka+Filebeat日志分析系统详细!!!
m0_64422440的博客
07-13 903
ElasticSearch是一个基于Lucene的开源分布式搜索服务。只搜索和分析日志特点:分布式,配置简洁,自动发现,索引自动分片,索引副本机制,多数据源等。它提供了一个分布式多用户能力的全文搜索引擎。Elasticsearch是用Java开发的,并作为Apache许可条款下的开放源码发布,是第二流行的企业搜索引擎。设计用于云计算中,能够达到实时搜索,稳定,可靠,快速,安装使用方便。在elasticsearch集群中,所有节点的数据是均等的。安装软件主机名IP地址系统版本mes-1-zk。
PROJECT2: 华为云 >> 企业云平台完整架构实例应用分解(第三部Zabbix + ELK 架构日志分析)
weixin_langhua博客
03-28 615
PROJECT2: 华为云 >> 企业云平台完整架构实例应用分解(第三部Zabbix + ELK 架构日志分析) *## 继:**首先准备环境1:部署Zabbix监控服务器;在华为云上部署一台Zabbix监控服务器,监控其他主机。 安装LNMP环境 2.源码安装Zabbix 3.安装监控端主机,修改基本配置 4.初始化Zabbix监控Web页面 5.修改PHP配置文件,满足Zabbix需求 6.监控Zabbix_server自身系统状态 步骤一、部署LNMP环境 1)、购买华为云服务器 基础配置:无 网
起飞!这份技术点拉满的ELk+Lucene笔记,可能价值百万
m0_67698950的博客
09-01 96
Lucene目前业界流行的ElasticSearch和Solr搜索技术底层正是使用Lucene实现的。使用全文检索技术可以构建像百度、谷歌、京东搜索、淘宝搜索等系统和功能。ElasticStack 是一系列开源产品的合集,包括 Elasticsearch、Kibana、Logstash 以及 Beats 等,能够安全可靠地获取任何来源、任何格式的数据,并且能够实时地对数据进行搜索、分析和可视化。其中,Logstash和Beats负责数据的收集,Kibana负责结果数据的可视化展现,Elasticsearch
es实战-Monitoring原理讲解及kibana可视化实战
qq_16164711的博客
08-20 2302
实战结合官方文档进行学习效果更佳,可以参考本人另一篇简书-官方文档-监控集群(Monitor)翻译。 Monitoring学习方法:在官方文档与源码阅读基础之上进行实战操作。 1 Monitoring原理讲解 Monitoring是elastic stack的监控模块,可以用来监控ELKB,监控信息存在es索引中,并且可以通过kibana进行可视化的展示。(收集监控数据的方式从6.5版本起由Collectors-Exporters模式逐步迁移到使用Metricbeat进行收集。) a 官方文档 学习任何模块
Metricbeat-Kafka-Hbase:数据采集​​工具
04-28
Metricbeat 可以监控操作系统、数据库、网络等,并将收集到的数据发送到 Elasticsearch 进行存储和分析,或者直接发送到 Kibana 进行可视化。在本项目中,Metricbeat 负责从 Kafka 和 Hbase 中获取指标信息,为用户...
\"海量日志分析系统实践\"分享总结
04-21
常见的日志收集工具有Fluentd、Logstash和 Beats(如Filebeat、Metricbeat等),它们可以实时、高效地从多个源采集日志,并发送到中央存储或处理系统。 2. **日志存储**:海量日志需要高效的存储解决方案,例如...
对java、scala等运行于jvm的程序进行实时日志采集、索引和可视化
08-20
Beats家族(如Filebeat、M Metricbeat等)则是Elastic公司推出的用于轻量级日志和指标采集的工具,它们直接将数据推送到Elasticsearch或Logstash。 Elasticsearch作为实时搜索引擎,能够快速索引和搜索大量数据,...
log处理
05-25
1. **日志收集**:这一步通常通过日志收集工具完成,如Fluentd、Logstash或 Beats系列(如Filebeat、Metricbeat)。这些工具可以实时地从各种来源(如文件、网络端口)收集日志数据。 2. **日志存储**:收集到的...
ELK日志收集系统搭建
08-13
5. 扩展与优化:随着日志数据量的增长,可能需要对ELK堆栈进行优化,如设置Elasticsearch的分片和副本数量,调整Logstash的工作线程,或者使用Beats(如Filebeat、Metricbeat等)作为轻量级的日志发送工具,减轻...
gitlab以及分支管理
最新发布
ln2915275834的博客
07-25 1444
每次提交,Git都把它们串成一条时间线,这条时间线就是一个分支。截止 到目前,只有一条时间线,在Git里,这个分支叫主分支,即master分支。HEAD 严格来说不是指向提交,而是指向master,而 master才是指向提交 的,所以,HEAD指向的就是当前分支。开始的时候,master分支是一条线,Git 用 master 指向最新的提交,再用 HEAD指向 master,就能确定当前分支,以及当前分支的提交点。
git命令使用详细介绍
有勇气的牛排博客
07-24 1714
Git 的master分支并不是一个特殊分支。之所以几乎每一个仓库都有 master 分支,是因为git init 命令默认创建它,并且大多数人都懒得去改动它。如果当前本地仓库不是从远程仓库克隆,而是本地创建的仓库,并且仓库中存在文件,此时再从远程仓库拉取文件的时候会报错(fatal: refusing to merge unrelated histories ):.git隐藏文件夹的目录就是工作目录,主要用于存放开发的代码。:包含.git文件夹的目录就是工作目录,主要存放开发的代码。
Activiti 6 兼容openGauss数据库bytes类型不匹配
cainiaofeitian的专栏
07-25 293
然后去找了一下postgre 数据库类型跟jdbc的类型对照,bytea对应的是binary,找到resource.xml(位置是org.activiti:activiti-engine:6.0.0/org.activiti/db/mapping/entity/Resource.xml),批量插入的sql把jdbcType修改为binary,重启项目,还是报错。byte_字段是act_ge_bytearray表的,openGauss里的类型是bytea,类型是匹配的。
自定义Metricbeat采集器:MySQL主从状态监控
Metricbeat是Elasticsearch生态中的一个组件,用于定期收集各种服务的指标数据,如MySQL,然后将这些数据发送到Elasticsearch进行存储和分析。 在开始之前,需要确保你的系统中已经安装了ElasticsearchMetricbeat...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值