乐趣区

关于elasticsearch:Elasticsearch-收集ES集群的慢查询

一、开启 ES 集群慢查问
三种形式 https://www.elastic.co/guide/…
形式 1、在 elasticsearch.yml 文件中增加相干配置(需重启节点失效)
**# 查问慢日志 **
index.search.slowlog.threshold.query.warn: 10s
index.search.slowlog.threshold.query.info: 5s
index.search.slowlog.threshold.query.debug: 2s
index.search.slowlog.threshold.query.trace: 500ms
index.search.slowlog.threshold.fetch.warn: 1s
index.search.slowlog.threshold.fetch.info: 800ms
index.search.slowlog.threshold.fetch.debug: 500ms
index.search.slowlog.threshold.fetch.trace: 200ms
index.search.slowlog.level: info
**# 写过程慢日志 **
index.indexing.slowlog.threshold.index.warn: 10s
index.indexing.slowlog.threshold.index.info: 5s
index.indexing.slowlog.threshold.index.debug: 2s
index.indexing.slowlog.threshold.index.trace: 500ms
index.indexing.slowlog.level: info
index.indexing.slowlog.source: 1000
形式 2、执行 API 动静批改某些索引的慢查问日志
PUT /my-index-000001/_settings 
{ 
 "index.search.slowlog.threshold.query.warn": "10s",
 "index.search.slowlog.threshold.query.info": "5s", 
 "index.search.slowlog.threshold.query.debug": "2s",
 "index.search.slowlog.threshold.query.trace": "500ms",
 "index.search.slowlog.threshold.fetch.warn": "1s",
 "index.search.slowlog.threshold.fetch.info": "800ms",
 "index.search.slowlog.threshold.fetch.debug": "500ms",
 "index.search.slowlog.threshold.fetch.trace": "200ms",
 "index.search.slowlog.level": "info"
 "index.indexing.slowlog.threshold.index.warn": "10s",
 "index.indexing.slowlog.threshold.index.info": "5s",
 "index.indexing.slowlog.threshold.index.debug": "2s",
 "index.indexing.slowlog.threshold.index.trace": "500ms",
 "index.indexing.slowlog.level": "info",
 "index.indexing.slowlog.source": "1000" 
}
形式 3、在 template 的 settings 中设置慢查问配置
PUT _template/us_data 
{ 
  "order": 5,
  "index_patterns": ["*"], 
  "settings": { 
  "index": {
    "lifecycle": {"name": "ilm_elk"},
    "codec": "best_compression",
    "routing": {
      "allocation": {"total_shards_per_node": "1"}
    },
    "search": {
      "slowlog": {
        "level": "info",
        "threshold": {
          "fetch": {
            "warn": "2s",
            "debug": "800ms",
            "info": "1s"
          },
          "query": {
            "warn": "10s",
            "debug": "2s",
            "info": "5s"
          }
        }
      }
    },
    "refresh_interval": "50s",
    "indexing": {
      "slowlog": {
        "level": "info",
        "threshold": {
          "index": {
            "warn": "10s",
            "debug": "2s",
            "info": "5s"
          }
        },
        "source": "2000"
      }
    },
    "number_of_shards": "1",
    "translog": {
      "flush_threshold_size": "2gb",
      "sync_interval": "120s",
      "durability": "async"
    },
    "merge": {
      "scheduler": {"max_thread_count": "2"}
    },
    "unassigned": {
      "node_left": {"delayed_timeout": "30m"}
    },
    "number_of_replicas": "1"
  }
    }, 
  "mappings": {}, 
  "aliases": {}}
二、应用 filebeat 收集慢查问日志到 ES
三、应用 kibana 可视化慢查问日志
退出移动版