当弹性搜索索引记录时如何启用日志记录?
我正在尝试测量使用ELK堆栈所涉及的延迟。我正在登录我的测试应用程序,我想知道它出现在ElasticSearch中需要多长时间。我知道这只是一个粗略的估计,对我的环境非常具体。
I am trying to measure the latency involved with using the ELK stack. I am logging in my test application and I want to find out how long it takes before it appears in ElasticSearch. I understand this will only be a rough estimate and is very specific to my environment.
如何衡量我的app / logstash / elasticsearch之间的延迟?
How can I measure the latency between my app/logstash/elasticsearch?
编辑:
我正在关注建议并启用_timestamp,但我没有看到我的记录中的字段。
I am following suggestion and enabled _timestamp but I don't see the field in my records.
{
logaggr : {
order : 0,
template : "logaggr-*",
settings : {},
mappings : {
logaggr : {
date_detection : false,
_timestamp : {
enabled : true,
store: true
},
properties : {
level : {
type : "string"
},
details : {
type : "string"
},
logts : {
format : "yyyy-MM-dd HH:mm:ss,SSS",
type : "date"
},
classname : {
type : "string"
},
thread : {
type : "string"
}
}
}
},
aliases : {}
}
}
提前感谢
有三个时间戳可以解答您的问题:
There are three timestamps that will answer your question:
- 日志文件时间戳,例如当应用程序写信息时。确保您的服务器的时钟是正确的。
- @timestamp,由logstash设置为收到日志的时间。
- _timestamp,其中弹性搜索可以设置为收到日志的时间。必须在弹性搜索中启用此设置
- the log file timestamp, e.g. when the application wrote the information. Make sure your server's clock is correct.
- @timestamp, which is set by logstash to the time when it receives the log.
- _timestamp, which elasticsearch can set to the time when it receives the log. This setting must be enabled in elasticsearch.
在这三个之间,您可以通过ELK跟踪日志的进度。
Between these three, you can track the progress of your logs through ELK.