elasticsearch,Logstash,Kibana,Elastic Stack" />
elasticsearch,logstash,kibana,elastic-stack,Mysql,Mysql 并非所有来自logstash的数据都被elasticsearch索引
Mysql 并非所有来自logstash的数据都被elasticsearch索引,mysql,
elasticsearch,logstash,kibana,elastic-stack,Mysql,
我是ELK stack的新手,我有LogStash将数据从MySQL发送到ElasticSearch,在终端上,它看起来已经发送了所有40000条记录,但当我去Kibana查看时,我发现只输入了200条记录。
这是我使用的日志存储配置文件
# file: simple-out.conf
input {
jdbc {
# Postgres jdbc connection string to our database, mydb
jdbc_connection_string => "jdbc:mysql://localhost:3306/tweets_articles"
# The user we wish to execute our statement as
jdbc_user => "root"
# The path to our downloaded jdbc driver
jdbc_driver_library => "/etc/elasticsearch/elasticsearch-jdbc-2.3.3.1/lib/mysql-connector-java-5.1.38.jar"
# The name of the driver class for Postgresql
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_user => "**"
jdbc_password => "***"
# our query
statement => "SELECT * from tweets"
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
+---------------------+
| PUBLISHED_AT |
+---------------------+
| 2017-03-06 03:43:51 |
| 2017-03-06 03:43:45 |
| 2017-03-06 03:43:42 |
| 2017-03-06 03:43:30 |
| 2017-03-06 03:43:00 |
+---------------------+
5 rows in set (0.00 sec)
"id" => 41298,
"author" => "b'Terk'",
"retweet_count" => "0",
"favorite_count" => "0",
"followers_count" => "49",
"friends_count" => "23",
"body" => "create an ad",
"published_at" => "2017-03-06T07:30:47.000Z",
"@version" => "1",
"@timestamp" => "2017-03-06T06:44:04.756Z"
谢谢。我发现这就是答案。 您可以在这里看到单击的位置。
您是否将kibana配置为随时搜索所有日志条目?我使用了来自Digital Ocean的麋鹿堆叠液滴,但不太确定它是如何配置的。我该怎么做呢?在右上角(我相信),您可以定义您正在搜索的时间范围。此外,您是否可以使用手动ES查询来统计您的所有文档?您可以在Elasticsearch文档中查找API。通过这种方式,您可以执行“全部匹配”查询,该查询将返回所有文档的文档计数。考虑到ES中只有40k个文档,匹配计数也应反映这一点: