es单节点搭建及使用logstash同步mysql数据

2019-07-25  本文已影响0人  droid_zf

下载es7.2

es不允许以root用户运行(会报错),需要先添加一个普通用户

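# Elasticsearch refuses to start as root, so create a dedicated unprivileged account.
# The command is "useradd" (one word); -m also creates the home directory used below.
useradd -m es
# Switch to the es account; "-" opens a login shell in that user's home directory,
# so the download does not land in a directory es cannot write to.
su - es
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-linux-x86_64.tar.gz
# Check the archive against the SHA-512 file published next to it before unpacking.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-linux-x86_64.tar.gz.sha512
sha512sum -c elasticsearch-7.2.0-linux-x86_64.tar.gz.sha512
tar -zxf elasticsearch-7.2.0-linux-x86_64.tar.gz
cd elasticsearch-7.2.0
vim config/elasticsearch.yml
# Change the following settings in config/elasticsearch.yml.
# NOTE(review): a default 7.2 install has authentication and TLS switched off, so with
# network.host: 0.0.0.0 anyone who can reach port 9200 can read, change and delete every index.
# Restrict 9200/9300 with a firewall or security group, or turn on the built-in
# authentication (xpack.security.enabled: true). If only local clients connect (the Logstash
# pipeline below uses 127.0.0.1:9200), the default loopback binding is enough.
network.host: 0.0.0.0 # listen on all interfaces so other hosts can connect
node.name: "es" # node name
cluster.initial_master_nodes: ["es"]
# -d starts Elasticsearch as a background daemon.
./bin/elasticsearch -d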

如果启动报错(network.host绑定到非本机地址后,es会强制执行启动检查),请按下面修改linux的资源限制和内核参数

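# Per-user resource limits; run as root. They take effect at the next login of that user.
vim /etc/security/limits.conf
# Add the following lines. The first column is the account name and has to match the
# user that starts Elasticsearch, which is "es" in this guide, not "elasticsearch";
# with a non-matching name the limits are never applied.
es soft nofile 65536
es hard nofile 65536
es soft nproc 4096
es hard nproc 4096

vim /etc/sysctl.conf
# Add the following line
vm.max_map_count=262144
# Load the new kernel setting without a reboot.
sysctl -p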

logstash同步mysql数据

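# Switch to the root user. The space before "#" matters: written as "root#...",
# the comment text becomes part of the user name passed to su.
su root
# NOTE(review): Logstash does not need root. Installed and started as root, the pipeline,
# its plugins and the JDBC driver all run with full privileges. A dedicated account works
# the same way if the jdbc_driver_library path in mysql.yml is changed to match.
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.2.0.tar.gz
# Check the archive against the SHA-512 file published next to it before unpacking.
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.2.0.tar.gz.sha512
sha512sum -c logstash-7.2.0.tar.gz.sha512
tar -zxf logstash-7.2.0.tar.gz
cd logstash-7.2.0
# MySQL JDBC driver, loaded by the jdbc input at runtime. Maven Central publishes a
# checksum file (.sha1) next to the jar that the download can be compared against.
wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.16/mysql-connector-java-8.0.16.jar
bin/logstash-plugin install logstash-input-jdbc
bin/logstash-plugin install logstash-output-elasticsearch
vim mysql.yml
# Add the following content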

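input {
  # Also accept events typed on the console.
  stdin {
  }
  # Incremental sync: the first run copies the existing rows, later runs pick up
  # only rows whose id is greater than the last id already synced.
  jdbc {
    type => "table_name"
    # "test" at the end of the URL is the MySQL database name.
    # NOTE(review): useSSL=false sends credentials and rows unencrypted; that is only
    # reasonable while MySQL is reached over loopback as it is here.
    jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/test?useSSL=false"
    # NOTE(review): placeholder credentials. The sync only reads, so a dedicated account
    # limited to SELECT on the synced tables is enough instead of root. Keep the real
    # password out of this file, e.g. with ${VAR} environment substitution or the
    # jdbc_password_filepath option, and keep mysql.yml readable only by the Logstash user.
    jdbc_user => "root"
    jdbc_password => "password"
    # Track progress by the value of the "id" column rather than by the time of the last run.
    tracking_column => "id"
    record_last_run => "true"
    use_column_value => "true"
    # File in which the last synced id is stored. The original note says Logstash creates
    # "news" in its bin directory and that startup fails without this option; the path is
    # relative, so where it ends up presumably depends on the working directory - TODO confirm.
    last_run_metadata_path => "news"
    # "false" keeps the stored id between restarts instead of starting over.
    clean_run => "false"

    # Absolute path of the Connector/J jar downloaded above (the Logstash directory under /root).
    jdbc_driver_library => "/root/logstash-7.2.0/mysql-connector-java-8.0.16.jar"
    # Name of the driver class for MySQL.
    # NOTE(review): Connector/J 8.x names its driver com.mysql.cj.jdbc.Driver; the older name
    # used here is presumably still accepted with a deprecation warning - TODO confirm.
    jdbc_driver_class => "Java::com.mysql.jdbc.Driver"
    jdbc_paging_enabled => "true"
    jdbc_page_size => "500"
    # :sql_last_value is bound by the plugin as a query parameter, not pasted into the SQL text.
    # "order by id" makes the last row read the one with the highest id, so the stored
    # value does not skip or repeat rows and paging sees a stable order.
    statement => "select * from table_name where id > :sql_last_value order by id"
    # Cron-style schedule. Fields from left to right: minute, hour, day of month, month,
    # day of week. All "*" means the query runs every minute.
    schedule => "* * * * *"
  }

}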

filter {
  # Cast publish_time to a string and move the nested [host][name] value
  # to a top-level "host" field.
  mutate {
    convert => { "publish_time" => "string" }
    rename => { "[host][name]" => "host" }
  }

  # Parse publish_time as ISO8601 or "yyyy-MM-dd HH:mm:ss".
  # NOTE(review): the zone is fixed to Europe/Berlin; confirm it matches the zone
  # the MySQL timestamps are written in, otherwise the parsed time is shifted.
  date {
    match => ["publish_time", "ISO8601", "yyyy-MM-dd HH:mm:ss"]
    timezone => "Europe/Berlin"
  }

  # Disabled alternative that parses a millisecond format and drops publish_time:
  # date {
  #   match => [ "publish_time", "yyyy-MM-dd HH:mm:ss,SSS" ]
  #   remove_field => [ "publish_time" ]
  # }

  # Parse the "message" field as JSON and remove the raw text afterwards.
  # Presumably this only concerns stdin events; verify whether jdbc rows carry "message".
  json {
    source => "message"
    remove_field => ["message"]
  }
}

output {
  elasticsearch {
    # Document id taken from the row's auto-increment "id" column, so a row that is
    # read again overwrites its existing document instead of creating a duplicate.
    document_id => "%{id}"
    # Index name (user-defined); here it comes from the event's "type" field.
    index => "%{type}"
    # Elasticsearch address and port. No user/password is configured, which only works
    # while Elasticsearch security is off; once authentication is enabled, the
    # output's user and password options have to be set as well.
    hosts => "127.0.0.1:9200"
  }
}

如果只需要同步已有数据(全量同步),把上面的jdbc配置换成下面这段。
同步多张表时,为每张表在mysql.yml的input中再添加一个这样的jdbc块,并把type改为对应的表名。

 #全量同步,需要同步数据时启动logstash
  jdbc {
    # Index name used by the output section; one jdbc block per table.
    type => "base_ports"
    # Selects the whole table. With the schedule below the full query is repeated
    # every minute for as long as Logstash keeps running.
    statement => "select * from base_ports"
    schedule => "* * * * *"
    jdbc_paging_enabled => "true"
    jdbc_page_size => "500"
    jdbc_driver_library => "/root/logstash-7.2.0/mysql-connector-java-8.0.16.jar"
    jdbc_driver_class => "Java::com.mysql.jdbc.Driver"
    jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/test?useSSL=false"
    # NOTE(review): placeholder credentials. A read-only account limited to the synced
    # tables is enough for this query, and the real password is better kept out of the file.
    jdbc_user => "root"
    jdbc_password => "password"
  }

es7一个索引下不能有多个type! 所以这里mysql的表对应es的索引

# Start the pipeline defined in mysql.yml. Adding --config.test_and_exit first
# checks the file for syntax errors without starting the sync.
./bin/logstash -f mysql.yml

使用Chrome插件ElasticSearch Head查看数据(Head从浏览器直接连接es的9200端口)

ElasticSearch Head
