理解Elasticsearch||从docs入手

本文主要是介绍理解Elasticsearch||从docs入手，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

Overview

《理解Elasticsearch及初步认知框架》

elastic docs

Terminology

《Getting Started With Elasticsearch》

《Elasticsearch Tutorial for Beginners | Learn the Elastic Stack Architecture | Frank Kane》
Installation

The full stack consists of : Beats, APM Server, Elasticsearch, Elasticsearch Hadoop, Kibana, Logstash.

Installation order for the entire stack.

After completing the installation process, learn how to implement a system monitorinng solution that uses Metricbeat to collect server metrics and ship the data to Elasticsearch. Then use Kibana to search and visualize the data.

《理解TLSv1.2||JVM||libcurl||curl||RHEL||SLES》
Elasticsearch

Elasticsearch is the distributed search and analytics engine at the heart of the Elastic Stack.

Logstash and Beats facilitate collecting, aggregating, and enriching your data and storing it in Elasticsearch.

Kibana enables you to interactively explore, visualize, and share insights you into your data and manage and monitor the stack. 所有与elastic的交互操作可以通过RestfulAPI进行，这个Kibana是对应的可视化工具。

Elasticsearch is where the indexing, search, and analysis magic happens.

Elastic Security is an inbuilt part of Kibana.

Logstash is an open source data collection engine with real-time pipelining capabilities.

Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to each host.

Fleet provides a web-based UI in Kibana to add and manage integrations for popular services and platforms, as well as manage a fleet of Elastic Agents.

Beats are open source data shippers that you install as agets on your servers to send operational data to Elasticsearch.
Log monitoring

The Logs app in Kibana enables you to search, filter, and tail all your logs ingested into Elasticseach. Instead of having to log into different servers, change diretories, and tail individual files, all your logs are avaiable in the Logs app.
中文理解基本概念

Elastic本质是一个分布式数据库，每台服务器可以运行多个Elastic实例；

node : 单个Elastic实例称为一个节点node；

多个节点构成一个集群（cluster）；

Elastic会索引所有字段，处理后写入一个反向索引（Inverted Index）；

Elastic数据管理的顶层单位是Index，每个Index名字必须是小写，等同于数据库；

Index 里面单条的记录称为Document（文档）。许多条Document构成了一个Index。

Document使用JSON格式表示。

Index与Document之间，可以包含分组Type。不同的Type应该有类似的结构schema，

从常用命令入手

# 查看elasticsearch是否启动成功
curl localhost:9200

如果elasticsearch安装在window的WSL系统上,在window上访问localhost并非wsl的localhost,参见《(20201209已解决)从window访问wsl地址》

# 查看当前节点的所有Index
curl -X GET 'http://localhost:9200/_cat/indices?v'
# 查看每个Index所包含的Type
curl 'localhost:9200/_mapping?pretty=true'
# 新建Index
curl -X PUT 'localhost:9200/weather' # 名为weather的Index
# 删除Index
curl -X DELETE 'localhost:9200/weather'
# 向/Index/Type发送PUT请求，增加记录.1是此条记录的Id
curl -X PUT 'localhost:9200/accounts/person/1' -d '
{"user"	:	"name","title"	:	"enginer","desc"	:	"database mangement"
}'
# 不指定Id，通过POST请求新增记录
curl -X POST 'localhost:9200/accounts/person' -d '
{"user"	:	"name","title"	:	"enginer","desc"	:	"database mangement"
}'
# 查看某条记录,pretty=true表示以易读格式返回
curl 'localhost:9200/accounts/person/1?pretty=true'
# 返回所有记录
curl 'localhost:9200/accounts/person/_search'
# 删除记录
curl -X DELETE 'localhost:9200/accounts/person/1'
# 更新某条记录，返回字段_version, result, created会发生改变
curl -X PUT 'localhost:9200/accounts/person/1' -d '
{"user" : "张三","title" : "工程师","desc" : "数据库管理，软件开发"
}' 
# 全文搜索：match查询，指定匹配字段desc里含有software或者time这个词;size指定返回记录数目，默认10
curl 'localhost:9200/accounts/person/_search' -d '
{"query":{"match":{"desc":"software time"}}，“size”:1
}'