下載es7.2
root用戶下運行會報錯先添加用戶
user add es
#切換到es
su es
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-linux-x86_64.tar.gz
tar -zxf elasticsearch-7.2.0-linux-x86_64.tar.gz
cd elasticsearch-7.2.0
- 修改es配置文件
vim config/elasticsearch.yml
#修改以下內(nèi)容
network.host: 0.0.0.0 #使外網(wǎng)可連接
node.name: "es" #節(jié)點名稱
cluster.initial_master_nodes: ["es"]
- 后臺運行
./bin/elasticsearch -d
如果運行報錯請修改linux內(nèi)核限制
#需要重新登錄生效
vim /etc/security/limits.conf
#添加以下內(nèi)容
elasticsearch soft nofile 65536
elasticsearch hard nofile 65536
elasticsearch soft nproc 4096
elasticsearch hard nproc 4096
vim /etc/sysctl.conf
#添加以下內(nèi)容
vm.max_map_count=262144
logstash同步mysql數(shù)據(jù)
su root#切換為root用戶
- 下載logstash和相關插件
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.2.0.tar.gz
tar -zxf logstash-7.2.0.tar.gz
cd logstash-7.2.0
wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.16/mysql-connector-java-8.0.16.jar
bin/logstash-plugin install logstash-input-jdbc
bin/logstash-plugin install logstash-output-elasticsearch
- 新建同步數(shù)據(jù)的配置文件mysql.yml
vim mysql.yml
#添加
input {
stdin {
}
#增量更新昔期,第一次運行會同步已有數(shù)據(jù)怀吻,之后會自動同步mysql數(shù)據(jù)
jdbc {
type => "table_name"
#后面的test對應mysql中的test數(shù)據(jù)庫
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/test?useSSL=false"
jdbc_user => "root"
jdbc_password => "password"
tracking_column => "id"
record_last_run => "true"
use_column_value => "true"
#代表最后一次數(shù)據(jù)記錄id的值存放的位置,它會自動在bin目錄創(chuàng)建news,這個必填不然啟動報錯
last_run_metadata_path => "news"
clean_run => "false"
# 這里代表mysql-connector-java.jar放在bin目錄
jdbc_driver_library => "/root/logstash-7.2.0/mysql-connector-java-8.0.16.jar"
# the name of the driver class for mysql
jdbc_driver_class => "Java::com.mysql.jdbc.Driver"
jdbc_paging_enabled => "true"
jdbc_page_size => "500"
statement => "select * from table_name where id > :sql_last_value"
#定時字段 各字段含義(由左至右)分佩抹、時、天、月昵慌、年,全部為*默認含義為每分鐘都更新
schedule => "* * * * *"
}
}
filter {
mutate {
convert => [ "publish_time", "string" ]
rename => { "[host][name]" => "host" }
}
date {
timezone => "Europe/Berlin"
match => ["publish_time" , "ISO8601", "yyyy-MM-dd HH:mm:ss"]
}
#date {
# match => [ "publish_time", "yyyy-MM-dd HH:mm:ss,SSS" ]
# remove_field => [ "publish_time" ]
# }
json {
source => "message"
remove_field => ["message"]
}
}
output {
elasticsearch {
#ESIP地址與端口
hosts => "127.0.0.1:9200"
#ES索引名稱(自己定義的)
index => "%{type}"
#自增ID編號
document_id => "%{id}"
}
}
如果只同步已有數(shù)據(jù)淮蜈,使用以下配置斋攀,更改jdbc
多表添加以下jdbc到mysql.yml,更改type => 表名
#全量同步,需要同步數(shù)據(jù)時啟動logstash
jdbc {
type => "base_ports"
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/test?useSSL=false"
jdbc_user => "root"
jdbc_password => "password"
jdbc_driver_library => "/root/logstash-7.2.0/mysql-connector-java-8.0.16.jar"
jdbc_driver_class => "Java::com.mysql.jdbc.Driver"
jdbc_paging_enabled => "true"
jdbc_page_size => "500"
statement => "select * from base_ports"
schedule => "* * * * *"
}
es7一個索引下不能有多個type! 所以這里mysql的表對應es的索引
- 開始同步數(shù)據(jù)
./bin/logstash -f mysql.yml
