{"type":"log","@timestamp":"2019-01-21T08:57:51Z","tags":["status","plugin:elasticsearch@6.5.2","error"],"pid":1,"state":"red","message":"Status changed from yellow to red - Request Timeout after 3000ms","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}

1. First, use the OSS images:

   FROM docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.2
   FROM docker.elastic.co/kibana/kibana-oss:6.5.2

   So this is not an X-Pack problem.

2. The real problem is that the connection to Elasticsearch fails. Even when logged in to the Kibana container, pinging the Elasticsearch container gets a response, but the Kibana logs always show this error message. The Kibana web page shows "Kibana server is not ready yet". Try to get the Elasticsearch container's IP and change the Kibana container.


https://blog.csdn.net/qq_38486203/article/details/80817037

Search minedNumber

GET /filebeat-6.*-geth*/_search?q=geth_ip:xxx.xxx.xxx.xxx
{
  "_source": ["name", "minedNumber", "gethdate"],
  "sort": [
    { "gethdate": { "order": "desc" } }
  ],
  "from": 1,
  "size": 1
}

Get minedNumber

curl -XGET "http://xxx.xxx.xxx.xxx:9200/filebeat-6.*-geth*/_search?q=geth_ip:xxx.xxx.xxx.xxx" -H 'Content-Type: application/json' -d'
{
  "_source": ["name", "minedNumber", "gethdate"],
  "sort": [
    { "gethdate": { "order": "desc" } }
  ],
  "from": 1,
  "size": 1
}' | jq ".hits.hits[]._source.minedNumber"


Kibana Dev Tools

GET _cat
GET _cat/indices?v
GET _cat/indices?v&s=index
GET _cat/segments?v
GET /_settings
GET /_stats
GET /_template
GET _cluster/health

GET filebeat-6.5.1-2019.01.01
POST filebeat-6.5.1-2019.01.01
PUT filebeat-6.5.1-2019.01.01
DELETE filebeat-6.5.1-2019.01.01

GET filebeat-6.5.1-2019.01.*
POST filebeat-6.5.1-2019.01.*
PUT filebeat-6.5.1-2019.01.*
DELETE filebeat-6.5.1-2019.01.*

GET filebeat-6.5.1-2019.01.01/_stats
GET filebeat-6.5.1-2019.01.01/_mapping

POST /_refresh
POST /_cache/clear
POST /_flush/synced

?v shows the column names

Segments Merge

https://my.oschina.net/fufangchun/blog/1541156
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-forcemerge.html#forcemerge-multi-index

GET _cat/segments?v
POST /filebeat-6.5.1-2019.01.01/_forcemerge?max_num_segments=1&flush=true

https://my.oschina.net/weiweiblog/blog/2989931


filter {
  if [etltype] == "blocks" { #[fields][srctype]
    csv {
      columns => [
        "number", "hash", "parent_hash", "nonce", "sha3_uncles", "logs_bloom",
        "transactions_root", "state_root", "receipts_root", "miner", "difficulty",
        "total_difficulty", "size", "extra_data", "gas_limit", "gas_used",
        "timestamp", "transaction_count"
      ]
      separator => ","
      remove_field => ["message"]
      skip_empty_columns => true
      skip_empty_rows => true
    }
  } else if [etltype] == "contracts" { #[fields][srctype]
    csv {
      columns => [
        "address", "bytecode", "function_sighashes", "is_erc20", "is_erc721"
      ]
      separator => ","
      remove_field => ["message"]
      skip_empty_columns => true
      skip_empty_rows => true
    }
  } else if [etltype] == "logs" { #[fields][srctype]
    csv {
      columns => [
        "log_index", "transaction_hash", "transaction_index", "block_hash",
        "block_number", "address", "data", "topics"
      ]
      separator => ","
      remove_field => ["message"]
      skip_empty_columns => true
      skip_empty_rows => true
    }
  } else if [etltype] == "receipts" { #[fields][srctype]
    csv {
      columns => [
        "transaction_hash", "transaction_index", "block_hash", "block_number",
        "cumulative_gas_used", "gas_used", "contract_address", "root", "status"
      ]
      separator => ","
      remove_field => ["message"]
      skip_empty_columns => true
      skip_empty_rows => true
    }
  } else if [etltype] == "token_transfers" { #[fields][srctype]
    csv {
      columns => [ "" ]
      separator => ","
      remove_field => ["message"]
      skip_empty_columns => true
      skip_empty_rows => true
    }
  } else if [etltype] == "tokens" { #[fields][srctype]
    csv {
      columns => [ "" ]
      separator => ","
      remove_field => ["message"]
      skip_empty_columns => true
      skip_empty_rows => true
    }
  } else if [etltype] == "transactions" { #[fields][srctype]
    csv {
      columns => [
        "hash", "nonce", "block_hash", "block_number", "transaction_index",
        "from_address", "to_address", "value", "gas", "gas_price", "inputcontext"
      ]
      separator => ","
      remove_field => ["message"]
      skip_empty_columns => true
      skip_empty_rows => true
    }
  }
}

output {
  if [etltype] == "blocks" {
    elasticsearch {
      hosts => "xxx.


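https://segmentfault.com/a/1190000002972420

Wildcards

? matches a single character
* matches zero or more characters

kiba?a, el*search

? and * cannot be used as the first character, for example: ?text *text

====================

Regular expressions

ES supports a subset of regular expression features; performance is poor.

name:/joh?n(ath[oa]n)/

====================

Fuzzy search

quikc~ brwn~ foks~

~: appending ~ to a word enables fuzzy search, which can find misspelled words.

first~ will also match frist

You can also set the edit distance (an integer) to specify how similar a match must be.

cromm~1 will match from and chrome

The default is 2; the larger the value, the closer matches are to the original search term. Setting it to 1 finds roughly 80% of misspelled words.

====================

Logical operators

AND
OR
+: the search results must contain this term
-: the search results must not contain this term

+apache -jakarta test aaa bbb: results must contain apache, must not contain jakarta, and the remaining terms are matched where possible

====================

Grouping

(jakarta OR apache) AND jakarta

====================

Escaping special characters

+ - = && || > < ! ( ) { } [ ] ^ " ~ * ?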



Sue boy

Sueboy Can support You

CIO

Taiwan