我想查看针对 Elasticsearch 实例执行的所有查询。是否可以在调试模式下运行elasticsearch,或者告诉它存储针对它执行的所有查询?
目的是查看使用elasticsearch进行分析的软件启动了哪些查询。
在 ElasticSearch 5 之前的版本中,您可以通过更改 ElasticSearch.yml 配置文件来实现此目的。在此文件的最底部,您可以调整记录时间以记录所有:
index.search.slowlog.threshold.query.warn: 10s
index.search.slowlog.threshold.query.info: 5s
index.search.slowlog.threshold.query.debug: 2s
index.search.slowlog.threshold.query.trace: 500ms
index.search.slowlog.threshold.fetch.warn: 1s
index.search.slowlog.threshold.fetch.info: 800ms
index.search.slowlog.threshold.fetch.debug: 500ms
index.search.slowlog.threshold.fetch.trace: 200ms
index.indexing.slowlog.threshold.index.warn: 10s
index.indexing.slowlog.threshold.index.info: 5s
index.indexing.slowlog.threshold.index.debug: 2s
index.indexing.slowlog.threshold.index.trace: 500ms
调整设置并重新启动节点,然后查阅日志以查看针对节点执行的查询。请注意生产日志文件的大小是否会快速增加。
在 5.x 版本中,您必须为每个索引设置慢速日志记录。
命令行:
curl -XPUT 'http://localhost:9200/myindexname/_settings' -d '{
"index.indexing.slowlog.threshold.index.debug" : "0s",
"index.search.slowlog.threshold.fetch.debug" : "0s",
"index.search.slowlog.threshold.query.debug" : "0s"
}'
或者,如果您使用的是 Kibana,请转到 Dev Tools 栏并输入:
PUT /myindexname/_settings
{"index.indexing.slowlog.threshold.index.debug": "0s",
"index.search.slowlog.threshold.fetch.debug" : "0s",
"index.search.slowlog.threshold.query.debug": "0s"}
#1:适用于所有指数
您可以使用以下命令将设置应用于所有索引:
PUT /_all/_settings
{"index.indexing.slowlog.threshold.index.debug": "0s",
"index.search.slowlog.threshold.fetch.debug" : "0s",
"index.search.slowlog.threshold.query.debug": "0s"}
#2:保留现有设置
如果您不想覆盖现有设置,而只是添加新设置,请在 _settings 之后添加 '''preserve_existing=true''',如下所示:
PUT /_all/_settings?preserve_existing=true
{"index.indexing.slowlog.threshold.index.debug": "0s",
"index.search.slowlog.threshold.fetch.debug" : "0s",
"index.search.slowlog.threshold.query.debug": "0s"}
上述请求只会添加不存在的设置。如果它们已经存在,它就不会改变它们。
#3:所有可用的日志设置
所有可用的慢日志设置都位于此处和下面,供您参考:
PUT /test_index/_settings
{
"index.search.slowlog.threshold.query.warn": "60s",
"index.search.slowlog.threshold.query.info": "5s",
"index.search.slowlog.threshold.query.debug": "1s",
"index.search.slowlog.threshold.query.trace": "0.1s",
"index.search.slowlog.threshold.fetch.warn": "30s",
"index.search.slowlog.threshold.fetch.info": "5s",
"index.search.slowlog.threshold.fetch.debug": "1s",
"index.search.slowlog.threshold.fetch.trace": "0.1s",
"index.indexing.slowlog.threshold.index.warn": "6s",
"index.indexing.slowlog.threshold.index.info": "5s",
"index.indexing.slowlog.threshold.index.debug": "1s",
"index.indexing.slowlog.threshold.index.trace": "0.1s",
"index.indexing.slowlog.level": "info",
"index.indexing.slowlog.source": "1000"
}
从版本 5 开始,ElasticSearch 会为此功能收费。它称为“审核日志”,现在是 X-Pack 的一部分。有一个免费的基本许可证,但该许可证只为您提供简单的监控功能。身份验证、查询日志记录和所有这些相当基本的东西现在都需要花钱。
是的,可以告诉 Elasticsearch 记录对其执行的所有查询,并且您可以配置日志记录级别,例如
DEBUGcurl -X PUT "localhost:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'
{
"transient": {
"logger.org.elasticsearch.discovery": "DEBUG"
}
}
'
在 macOS 上,日志文件默认存储在
$ES_HOME要更新所有索引以记录每个查询,您可以将慢查询设置为 0:
PUT /_all/_settings
{
"index.search.slowlog.threshold.query.warn": "0ms",
"index.search.slowlog.threshold.query.info": "0ms",
"index.search.slowlog.threshold.query.debug": "0ms",
"index.search.slowlog.threshold.query.trace": "0ms"
}
要将其重置为默认值:
PUT /_all/_settings
{
"index.search.slowlog.threshold.query.warn": "-1",
"index.search.slowlog.threshold.query.info": "-1",
"index.search.slowlog.threshold.query.debug": "-1",
"index.search.slowlog.threshold.query.trace": "-1"
}