ELK（分布式大数据搜索和日志挖掘及可视化）之实战（先不要审核只是保存一些记录）

最新推荐文章于 2024-04-25 09:33:49 发布

PeterGss

最新推荐文章于 2024-04-25 09:33:49 发布

阅读量844

点赞数

文章标签： elk

本文链接：https://blog.csdn.net/qq_32674727/article/details/78015751

版权

logstash 配置

input{

file{

path =>"opt/logs/*.sql"

type =>"logjson"

start_position => "beginning"

sincedb_path =>"/dev/null"

}

filter{

json{

#将默认中的message内容转换成json内容，并删除message域

source => "message"

remove_field =>"message"

}

output{

elasticsearch{

hosts =>["172.16.117.93:9200"]

index =>"query"

document_type=> "%{type}"

flush_size=>20000

idle_flush_time =>10

}

es

public class ESsearch{

static Essearch ts=new ESearch();

static Client client =ts.TransportClientContect();

//返回client对象

public Client TransportClientContect(){

Settings settings =Setting.settingsBuilder().put("cluster.name","topic").build();

Client client=null;

try{

client =TransportClient.builder().setting(settings).build()

.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName("172.16.117.93"),9300));

}catch(){}

return client;

}

}

}

class ESmain{

static ESearch ts=new ESearch();

static Client client=ts.TransportClientContect();

public static void main(String[] args) throws IOException{

Excel excel =new Excel();

Instant startClock=Instant.now();

System.out.println("开始时间"+startClock );

String index="logstash-sql---3p";

String type="loghson";

String value;

List<String> stringList=new ArrayList<String>();

//scroll模式启动每次50000

SearchResponse scrollResponse=client.prepareSearch(index)

.setSearchType(SearchType.SCAN).setSize(10000)

.setQuery(QueryBuilders.matchAllQuery())

.setQuery(QueryBuilders.boolQuery()

.must(QueryBuilders.matchQuery("q1","q1v"))

.operator(prg.elasticsearch.index.query.MatchQueryBuilder.Operator.AND)

.must(QueryBuilders.matchQuery("q2","q2v") )

setScroll(TimeVakue.timeValueMinutes（1）)

.execute().actionGet();

int count =(int)scrollResponse.getHits().getTotalHits();//第一次不返回数据

for(int i=0,sum=0;sum<count;i++){

scrollResponse=client.prepareSearchScroll(scrollResponse.getScrollId())

.setScroll(Timevalue.timeValueMinutes(8))

.execute().actionGet();

sum+=scrollResponse.getHits().hits().length;

for(SearchHit hit:srollResponse.getHits()){

value=hits.getSource.get("param").toString();

stringList.add(value);

}

File destFile=new File("./output/"+i+".xls");

try{

excel.createStringExcelFile(stringList,destFile);

}catch(){}

StringList.clear();

System.out.println("总数："+count+"已查到："+sum);

}

}

}

PeterGss

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
ELK（分布式大数据搜索和日志挖掘及可视化）之实战（先不要审核只是保存一些记录）

logstash 配置input{ file{ path =>"opt/logs/*.sql" type =>"logjson" start_position => "beginning" sincedb_path =>"/dev/null" }}filter{ js
复制链接

扫一扫