主页 / coding / 问题 / 78581386
Accepted
Linux_Admin
Asked: 2024-06-05 21:32:59 +0800 CST

ELK 索引名称在第二天展期时不会更改

  • 772

我正在使用 ELK (elasticsearch-8.12.0-1.x86_64) 来存储 kong API 网关日志。我正在使用 ILM(索引生命周期管理)策略来管理索引保留,并且我在 Logstash 管道配置文件中提到了它。

我注意到新创建的索引是使用以下命名约定创建的,尽管它们是在不同日期创建的:

kong-2022-11-17-000001
kong-2022-11-17-000002
kong-2022-11-17-000003
kong-2022-11-17-000004
kong-2022-11-17-000005
kong-2022-11-17-000006

如何更改命名约定以包含创建日期,如下所示:

kong-2022-11-17-000001
kong-2022-11-17-000002
kong-2022-11-17-000003
kong-2022-12-25-000001
kong-2023-01-01-000001

/etc/logstash/kong.conf

elasticsearch {
    hosts => ["https://elastic01:elastic_port" , "https://elastic02:elastic_port" , "https://elastic03:elastic_port"]
    user => "elastic_user"
    password => elastic_user_password
    ssl => true
    ssl_certificate_verification => false
    cacert => "/etc/logstash/http_ca.crt"
    ilm_rollover_alias => "kong"
    ilm_pattern => "{now/d}-000001"
    ilm_policy => "kong-index-policy"

kong-索引-模板

{
  "index": {
    "lifecycle": {
      "name": "kong-index-policy",
      "rollover_alias": "kong"
    },
    "mapping": {
      "total_fields": {
        "limit": "10000"
      }
    },
    "refresh_interval": "5s"
  }
}

kong指数政策

{
  "policy": "kong-index-policy",
  "phase_definition": {
    "min_age": "0ms",
    "actions": {
      "rollover": {
        "max_age": "180d",
        "max_primary_shard_size": "10gb"
      },
      "set_priority": {
        "priority": 100
      }
    }
  },

我尝试配置 ILM 策略来管理索引滚动并使用创建日期创建新索引,但它无法正常工作。

  • Update01:我尝试了以下命令:

    PUT %3Ckong-%7Bnow%2Fd%7D-000001%3E
{
 "aliases": {
   "kong": {
     "is_write_index": true
   }
 }
}

但我有以下错误:

```
{
  "error": {
    "root_cause": [
      {
        "type": "illegal_state_exception",
        "reason": "alias [kong] has more than one write index [kong-2024.06.05-000001,kong-2022-11-24-000009]"
      }
    ],
    "type": "illegal_state_exception",
    "reason": "alias [kong] has more than one write index [kong-2024.06.05-000001,kong-2022-11-24-000009]"
  },
  "status": 500
}
```

为了解决该错误,我使用以下命令切换了kong-2022-11-24-000009索引,然后继续执行提供的解决方案:

```
POST /_aliases
{
  "actions": [
    {
      "add": {
        "index": "kong-2022-11-24-000009",
        "alias": "kong",
        "is_write_index": false
      }
    }]
}
```
elasticsearch

1 个回答

  1. Best Answer

    如果您对时间序列数据使用索引别名,则可以在索引名称中使用日期数学来跟踪滚动日期。例如,您可以创建一个指向名为 的索引的别名 <my-index-{now/d}-000001>。如果您于 2099 年 5 月 6 日创建索引,则索引名称为my-index-2099.05.06-000001。如果您在 2099 年 5 月 7 日滚动更新别名,则新索引的名称为my-index-2099.05.07-000002

    https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-rollover-index.html#roll-over-index-alias-with-write-index

    PUT %3Cmy-index-%7Bnow%2Fd%7D-000001%3E
{
  "aliases": {
    "my-alias": {
      "is_write_index": true
    }
  }
}
#response
{
  "acknowledged": true,
  "shards_acknowledged": true,
  "index": "my-index-2024.06.05-000001"
}

POST my-alias/_rollover
#response
{
  "acknowledged": true,
  "shards_acknowledged": true,
  "old_index": "my-index-2024.06.05-000001",
  "new_index": "my-index-2024.06.05-000002",
  "rolled_over": true,
  "dry_run": false,
  "conditions": {}
}

    注意:您应该手动创建第一个滚动索引。

    • 0

相关问题