ElasticSearch 简介

Elasticsearch 是一个基于 Lucene 的搜索服务器。它提供了一个分布式多用户能力的 全文搜索引擎,基于 RESTful web 接口。Elasticsearch 是用 Java 语言开发的,并作为 Apache 许可条款下的开放源码发布,是一种流行的企业级搜索引擎。
Elasticsearch 是与名为 Logstash 的数据收集和日志解析引擎以及名为 Kibana 的分析和可视化平台一起开发的。这三个产品被设计成一个集成解决方案,称为 “Elastic Stack”(以前称为 “ELK stack”)。
ElasticSearch 概念介绍

Elasticsearch 是面向文档型数据库,一条数据在这里就是一个文档。为了理解,可以将 Elasticsearch 里存储文档数据和关系型数据库 MySQL 存储数据的概念进行一个类比

es 的 Index 就相当于 MySql 的数据库
es 的 type 相当于 MySql 的表
es 的 Document 相当于 MySql 的一行记录
es 的 Field 相当于 MySql 的字段

https://www.elastic.co/guide/en/elasticsearch/reference/7.10/deb.html#deb

使用apt安装

1
2
3
4
5
6
7
8
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

sudo apt-get install apt-transport-https


echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install elasticsearch

下面记录一下使用 apt 按照的过程

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
$ sudo apt-get update && sudo apt-get install elasticsearch
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable InRelease [10.4 kB]
Hit:2 http://us.archive.ubuntu.com/ubuntu bionic InRelease                                                                          
Get:3 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 Packages [53.6 kB]                            
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]                                                   
Hit:5 https://download.docker.com/linux/ubuntu bionic InRelease                                                                           
Get:6 https://artifacts.elastic.co/packages/7.x/apt stable/main i386 Packages [43.3 kB]                                                   
Get:7 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]                                         
Get:8 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]                  
Fetched 359 kB in 2s (167 kB/s)    
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  elasticsearch
0 upgraded, 1 newly installed, 0 to remove and 282 not upgraded.
Need to get 319 MB of archives.
After this operation, 535 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 elasticsearch amd64 7.10.2 [319 MB]
Fetched 319 MB in 1min 19s (4,014 kB/s)                                                                                                                                                                                                  
Selecting previously unselected package elasticsearch.
(Reading database ... 83853 files and directories currently installed.)
Preparing to unpack .../elasticsearch_7.10.2_amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (7.10.2) ...
Processing triggers for ureadahead (0.100.0-20) ...
ureadahead will be reprofiled on next reboot
Setting up elasticsearch (7.10.2) ...
Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore
Processing triggers for systemd (237-3ubuntu10.12) ...
Processing triggers for ureadahead (0.100.0-20) ...

安装完成会建个linux的系统账号 elasticsearch:x:111:115::/nonexistent:/bin/false

手动安装

1
2
3
4
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-amd64.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-amd64.deb.sha512
shasum -a 512 -c elasticsearch-7.10.2-amd64.deb.sha512 
sudo dpkg -i elasticsearch-7.10.2-amd64.deb

安装完成后 ES 并没有启动的。下面就要配置一下开机自启动。

配置ES开机自启动

1
2
3
4
5
6
7
8
9
10
11
12
13
14
1️⃣ 如果是比较旧的ubuntu版本,使用的还是 sysv init 管理开机自启动进程的话 执行下面的命令设置开机自启动。
sudo update-rc.d elasticsearch defaults 95 10

使用下面命令 启动和停止服务
sudo -i service elasticsearch start
sudo -i service elasticsearch stop

2️⃣ 如果是比较新的ubuntu版本,使用的 systemd 管理的使用下面的命令。
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

使用下面命令 启动和停止服务
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service

配置password(待研究这个是干啥用的。)

1
2
3
4
echo "keystore_password" > /path/to/my_pwd_file.tmp
chmod 600 /path/to/my_pwd_file.tmp
sudo systemctl set-environment ES_KEYSTORE_PASSPHRASE_FILE=/path/to/my_pwd_file.tmp
sudo systemctl start elasticsearch.service

其他配置

默认的Elasticsearch 服务 不会把log信息传到 systemd journal.需要打开这个 就把 /etc/systemd/system/multi-user.target.wants/elasticsearch.service 中的ExecStart 的 –quiet 选项去掉。然后执行 sudo systemctl daemon-reload,
sudo systemctl restart elasticsearch.service 重启服务。

这样就可以使用 sudo journalctl –unit elasticsearch 查看 es的日志了。

简单用法

基于HTTP协议,以JSON为数据交互格式的RESTful API
curl -X<VERB> '<PROTOCOL>://<HOST>:<PORT>/<PATH>?<QUERY_STRING>' -d '<BODY>'

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
curl -i -XGET 'localhost:9200/'
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 535

{
  "name" : "es-master",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "y4_5urOWTTuouL8iWK1_bg",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
    "build_date" : "2021-01-13T00:42:12.435326Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ curl -i -H "Content-Type: application/json" -XGET 'http://localhost:9200/_count?pretty' -d '
{
    "query": {
        "match_all": {}
    }
}
'
HTTP/1.1 200 OK
Warning: 299 Elasticsearch-7.10.2-747e1cc71def077253878a59143c1f785afa92b9 "this request accesses system indices: [.apm-agent-configuration, .apm-custom-link, .async-search, .kibana_1, .kibana_task_manager_1], but in a future major version, direct access to system indices will be prevented by default"
content-type: application/json; charset=UTF-8
content-length: 116

{
  "count" : 143,
  "_shards" : {
    "total" : 6,
    "successful" : 6,
    "skipped" : 0,
    "failed" : 0
  }
}

1
2
3
4
如果报错:
elasticsearch6.x {"error":"Content-Type header [application/x-www-form-urlencoded] is not supported"
加上这个
-H "Content-Type: application/json"

利用kibana中的开发工具可以快速的发请求

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# index a doc
PUT index/_doc/1
{
  "body": "here"
}

# and get it ...
GET index/_doc/1



PUT /megacorp/employee/1
{
    "first_name" : "John",
    "last_name" :  "Smith",
    "age" :        25,
    "about" :      "I love to go rock climbing",
    "interests": [ "sports", "music" ]
}


PUT /megacorp/employee/2
{
    "first_name" :  "Jane",
    "last_name" :   "Smith",
    "age" :         32,
    "about" :       "I like to collect rock albums",
    "interests":  [ "music" ]
}

PUT /megacorp/employee/3
{
    "first_name" :  "Douglas",
    "last_name" :   "Fir",
    "age" :         35,
    "about":        "I like to build cabinets",
    "interests":  [ "forestry" ]
}


















在这里插入图片描述