我在Kubernetes上将Opendistro(1.9.0)用于ElasticSearch(7.8.0)以及Logstash(7.8.0)和Kibana。
我创建了索引模板(logstash-msd-template.json)和策略(delete-logstash-msd-policy.json),然后将其放在/ config文件夹下的Logstash Pod中
bash-4.2$ pwd
/usr/share/logstash/config
bash-4.2$ ls -ltr
total 26
-rw-r--r-- 1 logstash root 286 Jun 14 21:28 pipelines.yml
-rw-rw-r-- 1 logstash root 342 Jun 14 21:28 logstash-sample.conf
-rw-r--r-- 1 root root 49 Jul 24 13:45 logstash.yml
**-rw-r--r-- 1 root root 1448 Jul 24 13:45 logstash-msd-template.json
-rw-r--r-- 1 root root 982 Jul 24 13:45 delete-logstash-msd-policy.json**
bash-4.2$
这是我的Logstash输出配置,并按如下所示引用了它:
output {
elasticsearch {
template_overwrite => true
manage_template => true
template => "/usr/share/logstash/config/logstash-msd-template.json"
template_name => "logstash-msd-template"
**. . .**
ilm_enabled => false
index => "logstash-%{[@metadata][tenant]}-blah-%{+YYYY.MM.dd}"
}
}
我的索引模板(logstash-msd-template.json):在其中我将策略引用为("opendistro.index_state_management.policy_id": "delete-logstash-msd-policy.json")
{
"order": 1,
"version": 60001,
"index_patterns": [
"logstash-msd-*"
],
"settings": {
"opendistro.index_state_management.policy_id": "delete-logstash-msd-policy.json",
"index": {
"number_of_shards": "1",
"refresh_interval": "5s"
}
},
"mappings": {
"dynamic_templates": [
{
"message_field": {
"path_match": "message",
"mapping": {
"norms": false,
"type": "text"
},
"match_mapping_type": "string"
}
},
{
"string_fields": {
"mapping": {
"norms": false,
"type": "text",
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
}
},
"match_mapping_type": "string",
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"geoip": {
"dynamic": true,
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "half_float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "half_float"
}
}
},
"@version": {
"type": "keyword"
}
}
},
"aliases": {}
}
我的政策(delete-logstash-msd-policy.json):
{
"policy": {
"policy_id": "delete-logstash-msd-policy",
"description": "A simple default policy that changes the states of msd indexes",
"last_updated_time": 1595340380667,
"schema_version": 1,
"error_notification": null,
"default_state": "hot",
"states": [
{
"name": "hot",
"actions": [],
"transitions": [
{
"state_name": "delete",
"conditions": {
"min_index_age": "2h"
}
}
]
},
{
"name": "delete",
"actions": [
{
"delete": {}
}
],
"transitions": []
}
]
}
}
现在,当我参考ES 7.8.0文档中的策略(Here)时 并且它还显示一个注释: 自定义ILM策略必须在Elasticsearch群集上已经存在,然后才能使用。
output {
elasticsearch {
ilm_rollover_alias => "custom"
ilm_pattern => "000001"
***ilm_policy => "custom_policy"***
}
}
ilm_policy 是接受策略路径还是仅接受策略ID? (Check Documentation)
两个文档都说策略应该已经在Elastic Cluster上存在。
有人可以告诉我在弹性集群中复制策略的确切路径吗? 要么 我应该把它放在logstash配置文件夹中吗?
我也见过OpenDistro Documentaion(但只谈论API)