Elasticsearch-安装及工具
Elasticsearch 安装及工具
安装 Elasticsearch
Mac Brew 安装 Elasticsearch
brew tap elastic/tap
brew install elastic/tap/elasticsearch-full
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/brew.html
Docker 安装 Elasticsearch 7.6.0
Install Elasticsearch with Docker
https://www.elastic.co/guide/en/elasticsearch/reference/7.6/docker.html
拉取 Elasticsearch 7.6.0 官方 Docker 镜像
从 Elasticsearch 官方仓库 拉取 Elasticsearch 7.6.0 官方镜像
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.0
或者
从 docker hub 拉取 Elasticsearch 7.6.0 官方镜像
https://hub.docker.com/_/elasticsearch
docker pull elasticsearch:7.6.0
我更偏向于从默认的 docker hub 拉取,不需要额外指明仓库前缀。
注意 es 没有 latest 标签,必须指明具体的版本号,否则提示:
Error response from daemon: manifest for elasticsearch:latest not found: manifest unknown: manifest unknown
Docker 中以 single 模式启动 Elasticsearch 7.6.0
docker run -d \
--rm \
--network host \
--name es \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-v /home/centos/git/masikkk/search/es/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /data/es:/usr/share/elasticsearch/data \
elasticsearch:7.6.0
解释下:-d 后台运行--rm 停止容器后删掉容器文件--network host 与宿主机完全共享网络,默认是bridge桥接,无法在nginx中通过localhost转发请求。一般都是通过 -p 9200:9200 -p 9300:9300 做端口映射,我直接共享宿主机网络了。--name es 指定启动的容器名,方便按名称stop等操作-e 设置两个环境变量,es的模式,jvm堆大小-v 映射配置文件,具体说是宿主机配置文件覆盖容器中的配置文件,我的配置文件在 git 仓库中,方便保存,也可以记录修改历史。-v /data/es:/usr/share/elasticsearch/data 把本地目录映射到容器,一遍容器销毁后能保存es数据
docker安装elasticsearch和kibana (7.5.0)
http://www.leileitang.com/views/article/2019/120904.html
curl localhost:9200 测试
es 默认以 9200 端口启动,在服务器本地 curl localhost:9200,结果如下
{
"name" : "node-1",
"cluster_name" : "docker-es",
"cluster_uuid" : "FLmzxlAdQzK0TuewMW1SLw",
"version" : {
"number" : "7.6.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "7f634e9f44834fbc12724506cc1da681b0c3b1e3",
"build_date" : "2020-02-06T00:09:00.449973Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
Elasticsearch 7.x 配置用户名密码(BasicAuth)
1、修改 config/elasticsearch.yml
xpack.security.enabled: true
xpack.license.self_generated.type: basic
2、在 Docker 容器或 Kubernetes 环境中,可以使用环境变量 $ELASTIC_USERNAME 和 $ELASTIC_PASSWORD 配置用户名和密码:
docker run \n
-e ELASTIC_USERNAME=myuser \n
-e ELASTIC_PASSWORD=mypassword \n
docker.elastic.co/elasticsearch/elasticsearch:7.6.0
Docker 安装 Elasticsearch 8.8.2
Install Elasticsearch with Docker
https://www.elastic.co/guide/en/elasticsearch/reference/8.0/docker.html
拉取 Elasticsearch 8.8.2 官方 Docker 镜像
从 Elasticsearch 官方仓库拉取 Elasticsearch 8.8.2 官方镜像
https://www.docker.elastic.co/r/elasticsearch/elasticsearch
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.8.2
或者
从 docker hub 拉取 Elasticsearch 8.8.2 官方镜像
https://hub.docker.com/_/elasticsearch
docker pull elasticsearch:8.8.2
构建带 IK 分词器的 Elasticsearch 8.8.2 Docker 镜像
在一个空目录创建 Elasticsearch8-ik.Dockerfile
FROM elasticsearch:8.8.2
RUN ./bin/elasticsearch-plugin install --batch https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.8.2/elasticsearch-analysis-ik-8.8.2.zip
在当前目录构建 docker build -t elasticsearch:8.8.2-ik -f Elasticsearch8-ik.Dockerfile .
注意 es 与 ik 版本要对应,差最后一位都不行,构建过程中会校验,版本不一致报错:
Exception in thread "main" java.lang.IllegalArgumentException: Plugin [analysis-ik] was built for Elasticsearch version 8.6.1 but version 8.6.2 is running
at org.elasticsearch.plugins.PluginsUtils.verifyCompatibility(PluginsUtils.java:85)
at org.elasticsearch.plugins.cli.InstallPluginAction.loadPluginInfo(InstallPluginAction.java:858)
过程打印日志如下:
$ docker build -t elasticsearch:8.8.2-ik -f Elasticsearch8-ik.Dockerfile .
Sending build context to Docker daemon 86.51MB
Step 1/2 : FROM elasticsearch:8.8.2
8.8.2: Pulling from library/elasticsearch
f0412dfb1aae: Pull complete
14bad5883434: Pull complete
c285faa9f620: Pull complete
4f4fb700ef54: Pull complete
7c3d9862ed44: Pull complete
1418c59bacdf: Pull complete
450b0a61ada7: Pull complete
ff6736a97fc1: Pull complete
50880bcf0295: Pull complete
ef243ce31f27: Pull complete
Digest: sha256:acb934176519afa01f195e06b6085a5159401be37cdd70c2fbcd04890581e41b
Status: Downloaded newer image for elasticsearch:8.8.2
---> 673e6376a286
Step 2/2 : RUN ./bin/elasticsearch-plugin install --batch https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.8.2/elasticsearch-analysis-ik-8.8.2.zip
---> Running in c8c28d0e5790
-> Installing https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.8.2/elasticsearch-analysis-ik-8.8.2.zip
-> Downloading https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.8.2/elasticsearch-analysis-ik-8.8.2.zip
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.net.SocketPermission * connect,resolve
See https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
-> Installed analysis-ik
-> Please restart Elasticsearch to activate any plugins installed
Removing intermediate container c8c28d0e5790
---> f1c85f4ec3f5
Successfully built f1c85f4ec3f5
Successfully tagged elasticsearch:8.8.2-ik
过程中会红字提示 WARNING: plugin requires additional permissions 不过没关系,装插件时加了 --batch 参数就能成功。
容器内的 ik 插件目录: /usr/share/elasticsearch/plugins/analysis-ik
容器内的 ik 插件词典目录: /usr/share/elasticsearch/config/analysis-ik
Docker 中 single 模式主机网络启动 Elasticsearch 8.8.2
docker run -d \
--rm \
--network host \
--name es \
-e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-e "discovery.type=single-node" \
-e "xpack.security.enabled=true" \
-e "xpack.security.http.ssl.enabled=false" \
-v /data/es:/usr/share/elasticsearch/data \
elasticsearch:8.8.2-ik
解释下:-d 后台运行--rm 停止容器后删掉容器文件--network host 与宿主机完全共享网络,默认是bridge桥接,无法在nginx中通过localhost转发请求。一般都是通过 -p 9200:9200 -p 9300:9300 做端口映射,我直接共享宿主机网络了。--name es 指定启动的容器名,方便按名称stop等操作-e 设置4个环境变量,single 模式,jvm堆大小,开启安全特性,但不开启https-v /data/es:/usr/share/elasticsearch/data 把本地目录映射到容器,以便容器销毁后能保存es数据
和安装 7.6 版本时不同,安装 8.x 没有挂载 elasticsearch.yml 配置文件,一方面是挂载报错,另一方面配置文件里的配置项都放在环境变量里更方便,不需要配置文件
Mac 上安装时由于无 host 网络需要开启端口映射:
docker run -d \
--rm \
-p 9200:9200 \
--name es \
-e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-e "discovery.type=single-node" \
-e "xpack.security.enabled=true" \
-e "xpack.security.http.ssl.enabled=false" \
-v /tmp/esdata:/usr/share/elasticsearch/data \
elasticsearch:8.8.2-ik
关闭 Elasticsearch 8.0 默认打开的安全特性
Elasticsearch 8.0 默认是打开安全特性的,需要 https 访问,需要证书、账号密码,本地测试使用不方便。
启动 es 时添加下面配置,关闭安全特性,之后不需要 https 访问,也不需要输入用户名密码了。
xpack.security.enabled: false
xpack.security.http.ssl.enabled: false
Elastic Stack 8.0 安装 - 保护你的 Elastic Stack 现在比以往任何时候都简单
https://elasticstack.blog.csdn.net/article/details/122874932
开启 Elasticsearch 8.0 基本安全配置(有账号密码,无https)
只开启 Basic authentication 即账号密码访问,但不开启 SSL/TLS(HTTPS)
1、修改配置如下,开启安全配置,但不开启 ssl
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
启动时提示开启安全配置后必须开启 ssl,但 discovery.type=single-node 模式下(单节点模式,即非生产模式)可忽略此提示继续使用基本安全配置
{"@timestamp":"2023-09-09T06:54:41.125Z", "log.level": "WARN", "message":"Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"lightsail","elasticsearch.cluster.name":"docker-cluster"}
开启安全特性后,直接 curl localhost:9200 会报错:
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "missing authentication credentials for REST request [/]",
"header": {
"WWW-Authenticate": [
"Basic realm="security" charset="UTF-8"",
"ApiKey"
]
}
}
],
"type": "security_exception",
"reason": "missing authentication credentials for REST request [/]",
"header": {
"WWW-Authenticate": [
"Basic realm="security" charset="UTF-8"",
"ApiKey"
]
}
},
"status": 401
}
2、Docker 启动 es 容器后,docker exec -it es bash 进入 es 容器
进入后默认在 /usr/share/elasticsearch 目录下
可以使用 elasticsearch-setup-passwords 命令行工具交互式设置 es 内置用户密码:
./bin/elasticsearch-setup-passwords interactive
******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This command will be removed in a future release.
******************************************************************************
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]
但是提示此工具即将废弃,那我们就用最新的工具 elasticsearch-reset-password,给内置用户 elastic 交互式设置密码
./bin/elasticsearch-reset-password -u elastic -i
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]
elasticsearch-setup-passwords
https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-passwords.html
elasticsearch-reset-password
https://www.elastic.co/guide/en/elasticsearch/reference/current/reset-password.html
Elasticsearch:设置 Elastic 账户安全
https://elasticstack.blog.csdn.net/article/details/100548174
curl localhost:9200 测试
curl localhost:9200
开启账号密码后 curl -u elastic:pswd ‘http://localhost:9200'
或 curl ‘http://elastic:pswd@localhost:9200'
{
"name" : "lightsail",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "n01j6aRZTNef5ReijFdTvQ",
"version" : {
"number" : "8.8.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "98e1271edf932a480e4262a471281f1ee295ce6b",
"build_date" : "2023-06-26T05:16:16.196344851Z",
"build_snapshot" : false,
"lucene_version" : "9.6.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
Elasticsearch 安装启动问题
vm.max_map_count [65530] is too low
es 启动报错
{"type": "server", "timestamp": "2020-04-18T14:20:24,003Z", "level": "WARN", "component": "o.e.b.BootstrapChecks", "cluster.name": "docker-es", "node.name": "node-1", "message": "max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]" }
或
bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决:
修改系统 vm.max_map_count 的值:
echo "vm.max_map_count=262144" > /etc/sysctl.conf
sysctl -p
FileSystemException: elasticsearch.yml: Device or resource busy
Docker 安装 Elasticsearch 8.0 时挂载 elasticsearch.yml 报错:
Exception in thread "main" java.nio.file.FileSystemException: /usr/share/elasticsearch/config/elasticsearch.yml.Z_bTEuWoTKq5OukBFf2kZg.tmp -> /usr/share/elasticsearch/config/elasticsearch.yml: Device or resource busy
官方论坛上好像也没解决这个问题,给出的建议是把配置放到 -e 环境变量里。
the default discovery settings are unsuitable for production use
Elasticsearch 8.0 官方的 docker single 模式安装命令中没有指定 -e "discovery.type=single-node" 变量,我以为默认就是 single 模式呢,结果启动时报下面错误,后来加上这个配置才行
bootstrap check failure [1] of [2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
cannot downgrade a node from version [8.6.2] to version [8.6.1]
{"@timestamp":"2023-03-20T13:45:01.949Z", "log.level":"ERROR", "message":"fatal exception while booting Elasticsearch", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.Elasticsearch","elasticsearch.node.name":"lightsail","elasticsearch.cluster.name":"docker-cluster","error.type":"java.lang.IllegalStateException","error.message":"cannot downgrade a node from version [8.6.2] to version [8.6.1]","error.stack_trace":"java.lang.IllegalStateException: cannot downgrade a node from version [8.6.2] to version [8.6.1]\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.env.NodeMetadata.verifyUpgradeToCurrentVersion(NodeMetadata.java:128)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.env.NodeMetadata.upgradeToCurrentVersion(NodeMetadata.java:135)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.env.NodeEnvironment.loadNodeMetadata(NodeEnvironment.java:627)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:326)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.node.Node.<init>(Node.java:478)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.node.Node.<init>(Node.java:322)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:214)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:214)\n\tat org.elasticsearch.server@8.6.1/org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67)\n"}
数据目录中存储了 8.6.2 版本的数据,后来启动 8.6.1 版本尝试加载此数据会报错
https://discuss.elastic.co/t/elasticsearch-failed-immediately/196777
AccessDeniedException /usr/share/elasticsearch/data/nodes
想把宿主机目录绑定到 es 容器的 /usr/share/elasticsearch/data 目录,但宿主机目录权限不够,导致es无法启动
org.elasticsearch.bootstrap.StartupException: ElasticsearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/elasticsearch/data/nodes];
ElasticsearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/elasticsearch/data/nodes];
Likely root cause: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes
原因: docker 容器对宿主机的 /data/es 目录没有写权限
解决:修改目录权限即可chmod 777 /data/es
或chown -R 1000:1000 /data/es
在使用docker来部署elasticsearch服务时,通常需要把elasticsearch的索引数据和日志数据映射到本地进行持久化存储,但是经常会遇到权限问题:elasticsearch无法读取数据或者无法写入日志文件,主要有两种处理方法:
1、将外部文件权限全部打开,有一定安全风险
2、将镜像内文件与宿主机文件的用户及组id统一,因为在校验权限时通过uid和gid来验证,官方elasticsearch镜像内部为elasticsearch用户,uid和gid为1000,因此我们也将外部用户及组id修改为1000
plugin requires additional permissions
有些 es 插件需要额外的权限,安装时会让用户确认,如果使用自动脚本安装,可设置 --batch 参数,这个参数告诉插件当前是自动脚本安装,自动获取所有权限。
Using custom Docker images
https://www.elastic.co/guide/en/elasticsearch/reference/7.6/docker.html#_c_customized_image
Other command line parameters
https://www.elastic.co/guide/en/elasticsearch/plugins/7.6/_other_command_line_parameters.html
Transport SSL must be enabled if security is enabled on a [basic] license
es pod 启动报错:
ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/det-es-7.log
原因:
启用了安全性,但没有启用传输层安全性(Transport SSL)。默认情况下,Elasticsearch需要在基础许可证下启用Transport SSL以启用安全性。
解决:
1、启用Transport SSL
xpack.security.transport.ssl.enabled: true
2、禁用安全性:
xpack.security.enabled: false
Elasticsearch 安装 IK 分词器插件
medcl / elasticsearch-analysis-ik
https://github.com/medcl/elasticsearch-analysis-ik
两种方式
1、执行 docker exec 命令进入容器,再按照物理机的步骤来安装,缺点是每次创建容器都要安装一次。
2、打包一个安装了 ik 分词器的 elasticsearch docker 镜像,这样每个容器运行的时都自带了ik分词器。
这里使用第二种方式,步骤在 Docker 安装 Elasticsearch 中。
存储的时候,使用 ik_max_word,搜索的时候,使用 ik_smart
curl -XPOST http://localhost:9200/index/_mapping -H 'Content-Type:application/json' -d'
{
"properties": {
"content": {
"type": "text",
"analyzer": "ik_max_word",
"search_analyzer": "ik_smart"
}
}
}'
IK 分词器词典配置
IKAnalyzer.cfg.xml ik词典配置文件
容器内词典目录 /usr/share/elasticsearch/config/analysis-ik
IKAnalyzer.cfg.xml 配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>IK Analyzer 扩展配置</comment>
<!--用户可以在这里配置自己的扩展字典 -->
<entry key="ext_dict">custom/mydict.dic;custom/single_word_low_freq.dic</entry>
<!--用户可以在这里配置自己的扩展停止词字典-->
<entry key="ext_stopwords">custom/ext_stopword.dic</entry>
<!--用户可以在这里配置远程扩展字典 -->
<entry key="remote_ext_dict">location</entry>
<!--用户可以在这里配置远程扩展停止词字典-->
<entry key="remote_ext_stopwords">http://xxx.com/xxx.dic</entry>
</properties>
自定义词库
1、config/analysis-ik 中创建 custom 目录,并在目录内创建 mydict.dic 文件,mydict.dic 是自定义词库
2、修改 IKAnalyzer.cfg.xml 配置文件
<!--用户可以在这里配置自己的扩展字典 -->
<entry key="ext_dict">/custom/mydict.dic</entry>
热更新 IK 词典
ELK专栏之IK分词器和Java api操作索引–05
https://cloud.tencent.com/developer/article/2128850
使用nginx搭建ik分词器自定义词库
https://blog.csdn.net/Jjs_Object/article/details/119915292
更新词库后需要重建索引
1、词库用于查询query的分词时,不需要重建索引。
2、词库用于索引文档时:
对于已经配置了IK分词的索引,在IK词典冷更新或热更新操作完成后将只对新数据(包含新增数据和更新后的数据)生效。如果您希望对全部数据生效,需要重建索引。
https://help.aliyun.com/zh/es/user-guide/use-the-analysis-ik-plug-in
ik词库不支持带标点符号的词
比如想把 “合理、合法” 当做一个词,默认是不支持的。即使把它放在词库里,还是会被分为两个词,网上有修改 ik 源码支持带标点符号词典的方式。
安装 Kibana
Mac Brew 安装 Kibana
brew tap elastic/tap
brew install elastic/tap/kibana-full
安装结果:
Config: /opt/homebrew/etc/kibana/
If you wish to preserve your plugins upon upgrade, make a copy of
/opt/homebrew/opt/kibana-full/plugins before upgrading, and copy it into the
new keg location after upgrading.
启动:
To start elastic/tap/kibana-full now and restart at login:
brew services start elastic/tap/kibana-full
安装目录:
/opt/homebrew/Cellar/kibana-full/7.17.4: 37,690 files, 630.8MB, built in 48 seconds
配置es地址:
/opt/homebrew/etc/kibana/kibana.yml
elasticsearch.hosts: [“http://10.234.161.158:8200"]
logging.dest: /tmp/kibana.log
https://www.elastic.co/guide/en/kibana/7.17/brew.html
Calling plist_options is disabled
问题
brew install elastic/tap/kibana-full 报错
Error: elastic/tap/kibana-full: Calling plist_options is disabled! Use service.require_root instead.
解决:
参考 https://github.com/elastic/homebrew-tap/issues/146
plist_options :manual => “kibana” 改为 plist_options = “kibana”
Kibana 7.17 不兼容 Elasticsearch 7.6.1
kibana 启动报错:
{“type”:”log”,”@timestamp”:”2023-11-22T13:05:39+08:00”,”tags”:[“error”,”elasticsearch-service”],”pid”:25174,”message”:”This version of Kibana (v7.17.4) is incompatible with the following Elasticsearch nodes in your cluster: v7.6.1 @ 10.233.67.59:9200 (10.233.67.59), v7.6.1 @ 10.233.66.64:9200 (10.233.66.64), v7.6.1 @ 10.233.64.69:9200 (10.233.64.69)”}
Docker 安装 Kibana 7.6.0
拉取 Kibana 7.6.0 官方镜像
https://hub.docker.com/_/kibana
从 dockerhub 拉取 kibana 7.6.0 官方镜像
docker pull kibana:7.6.0
当然也可以从 es 官方镜像仓库拉取
docker pull docker.elastic.co/kibana/kibana:7.6.0
我用的是 docker hub
M1 Mac 7.6.1 arm64 镜像
7.6.1 arm64 镜像
docker pull virb3/kibana:7.6.1-arm64
Docker 启动 Kibana 7.6.0
docker run -d \
--rm \
--network host \
--name kibana \
-e ELASTICSEARCH_HOSTS=http://127.0.0.1:9200 \
kibana:7.6.0
解释下:-d 后台运行--rm 停止容器后删掉容器文件--network host 与宿主机完全共享网络,默认是bridge桥接,无法在nginx中通过localhost转发请求。一般都是通过 -p 5601:5601 做端口映射,我直接共享宿主机网络了。--name kibana 指定启动的容器名,方便按名称stop等操作-e 设置环境变量 ELASTICSEARCH_HOSTS,指定连接的 es 服务地址,不指定的话默认是 http://localhost:9200
注意低版本的 kibana 中用 ELASTICSEARCH_URL 指定 es 地址,高版本中改为 ELASTICSEARCH_HOSTS 了
Kibana Guide [7.6] » Set Up Kibana » Running Kibana on Docker
https://www.elastic.co/guide/en/kibana/current/docker.html#docker
配置 Index
http://localhost:5601
打开 kibana 后首先会让配置 index,我只建立了一个名为 article 的索引,也不需要使用正则匹配,pattern 直接填 article 即可
Kibana 创建索引匹配模式
创建完索引匹配模式后,可以直接在 discover 中查看这个模式匹配的索引的数据,这里我直接就可以看到我的 article 索引的所有数据了:
Kibana查看索引数据
Elasticsearch 工具
elasticvue
https://elasticvue.com/
https://github.com/cars10/elasticvue
elastron
https://elastron.eney.solutions/#features
elasticsearch-head
mobz / elasticsearch-head
https://github.com/mobz/elasticsearch-head
elasticsearch-head 是一个 ES 集群的可视化管理界面,可以查看 es 集群信息,查询、操作数据等,否则只能通过 restful api 和 es 交互,不直观。
Docker 安装 elasticsearch-head:5
1、docker 拉取 elasticsearch-head 官方镜像
docker pull mobz/elasticsearch-head:5
2、启动 es-head
docker run -d \
--rm \
--network host \
--name es-head \
mobz/elasticsearch-head:5
默认启动端口 9100 ,可以通过 -p 9100:9100 把容器的 9100 端口暴露出来,我这里为了方便 nginx 转发,直接 --network host 共享主机网络了。
Chrome 扩展安装 elasticsearch-head
打开链接安装插件
https://chrome.google.com/webstore/detail/elasticsearch-head/ffmkiejjmecolpfloofpjologoblkegm
或 Chrome 应用商店中搜索 ElasticSearch Head,提供方:travistx
通过 Chrome 扩展安装的好处是无需启用 es 的 CORS 跨域策略就能连接 es 集群。
elasticsearch-head 已从 Chrome 扩展商店下架,可以使用 Multi Elasticsearch Head 代替
https://chrome.google.com/webstore/detail/multi-elasticsearch-head/cpmmilfkofbeimbmgiclohpodggeheim
elasticsearch-head 连接 ES 集群
启动后打开 localhost:9100 出现下图,点击连接本地的 es 集群。
elasticsearch-head 初始界面
连接上es集群后如图:
elasticsearch-head 查看ES结点状态
elasticsearch-head 无法连接 ES(ES 未开启跨域)
除了通过 Chrome 插件的形式安装 elasticsearch-head,其他的安装方式都需要 es 本身开启 CORS 跨域才能连接,否则连接不上。
修改elasticsearch.yml,增加如下字段
http.cors.enabled: true
http.cors.allow-origin: "*"
elasticsearch-head 连接高版本 ES 报错 406
问题:
elasticsearch-head:5 连接 es 7.16,概览和索引信息都可以查看,但数据浏览中看不到数据,f12 后台看到返回错误
{
"error":"Content-Type header [application/x-www-form-urlencoded] is not supported",
"status":406
}
原因:
高版本 es 增加了严格的 Content-Type 内容类型检查,也是防止 CSRF 攻击的一层保护
解决:
进 es-head 容器,修改 /usr/src/app/_site/vendor.js 文件,将
contentType: “application/x-www-form-urlencoded” 替换为 contentType: “application/json”
有两处要修改,但 es-head 容器内没 vi 编辑器,无法编辑文件。
将 /usr/src/app/_site/vendor.js 从容器中拷贝出来,编辑后再拷贝进容器
docker cp es-head:/usr/src/app/_site/vendor.js ./
docker cp vendor.js es-head:/usr/src/app/_site/vendor.js
上一篇 GlusterFS
页面信息
location:protocol: host: hostname: origin: pathname: href: document:referrer: navigator:platform: userAgent: