ELK in docker

Official documentation: "Running the Elastic Stack ("ELK") on Docker"

Start Elasticsearch and Kibana in Docker

For any single-node Elasticsearch cluster started in a container, security will be automatically enabled and configured for you. This includes:

  • Certificates and keys are generated automatically in the configuration directory, for the transport and HTTP layers. When you install Elasticsearch, the following certificates and keys are generated in the Elasticsearch configuration directory, which are used to connect a Kibana instance to your secured Elasticsearch cluster and to encrypt internode communication.
  • The Transport Layer Security (TLS) configuration settings are written to elasticsearch.yml. The Elasticsearch configuration file is modified automatically at startup; in this respect it is much like Redis Cluster.
  • A password is generated for the elastic user.
  • Two enrollment tokens are generated, one for Kibana and one for other Elasticsearch nodes (question: is this to allow nodes to join the cluster dynamically?).

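The enrollment token for Kibana can be taken and used directly (it is valid for only 30 minutes). It generates an account of the same name for Kibana to use when connecting to Elasticsearch, and then writes all of the security configuration into kibana.yml.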
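What the Kibana enrollment token carries, as an added example (not code from the original post or from Elastic): the token is URL-safe base64 around a JSON object holding the Elasticsearch address, the SHA-256 fingerprint of the generated HTTP CA certificate and an API key, so it should be handled like a credential. The field names (`ver`, `adr`, `fgr`, `key`) are assumed from Elasticsearch 8.x output and should be confirmed against your version; the sample token and certificate bytes are constructed.

```python
import base64
import hashlib
import json
import ssl

# Field names assumed from Elasticsearch 8.x enrollment tokens.
REQUIRED = {"ver": str, "adr": list, "fgr": str, "key": str}


def decode_enrollment_token(token):
    """Return the JSON object wrapped inside an enrollment token."""
    raw = token.strip()
    raw += "=" * (-len(raw) % 4)          # tolerate padding lost in copy/paste
    try:
        doc = json.loads(base64.urlsafe_b64decode(raw))
    except ValueError as exc:             # bad base64, bad UTF-8 or bad JSON
        raise ValueError("not an enrollment token") from exc
    if not isinstance(doc, dict):
        raise ValueError("enrollment token payload is not a JSON object")
    for name, kind in REQUIRED.items():
        if not isinstance(doc.get(name), kind):
            raise ValueError(f"enrollment token field {name!r} missing or wrong type")
    return doc


def ca_fingerprint(ca_pem):
    """SHA-256 over the DER form of a PEM certificate, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(ca_pem.strip())
    return hashlib.sha256(der).hexdigest()


def inspect_token(token, ca_pem):
    """Summarise a token for review without echoing the API key secret."""
    doc = decode_enrollment_token(token)
    key_id, sep, secret = doc["key"].partition(":")
    pinned = doc["fgr"].replace(":", "").lower()
    return {
        "version": doc["ver"],
        "addresses": doc["adr"],
        "key_id": key_id,                          # safe to log
        "has_secret": bool(sep and secret),        # the secret itself is never returned
        "ca_matches": pinned == ca_fingerprint(ca_pem),
    }


def build_sample():
    """Constructed sample: placeholder bytes stand in for the real http_ca.crt."""
    fake_der = b"constructed bytes, not a real certificate"
    body = base64.encodebytes(fake_der).decode("ascii")
    pem = "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
    payload = {
        "ver": "8.2.0",
        "adr": ["172.18.0.2:9200"],                # constructed address
        "fgr": hashlib.sha256(fake_der).hexdigest(),
        "key": "constructed-key-id:constructed-secret",
    }
    token = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return token, pem


if __name__ == "__main__":
    sample_token, sample_pem = build_sample()
    print(inspect_token(sample_token, sample_pem))
```

With a real deployment, pass the token printed by the container and the contents of the generated HTTP CA certificate; a `ca_matches` of `False` means the token was issued by a different cluster than the certificate you hold.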

Prerequisites

# Pull the base images
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.2.0
docker pull docker.elastic.co/kibana/kibana:8.2.0

Start a single-node Elasticsearch cluster and enroll Kibana

1
2
3
4
# 创建名为 elastic 的可以被引用的 docker network
docker network create elastic
# 使用 elastic 和 9200 端口,启动名为 es01 的服务/容器,启动一个交互式的tty
docker run --name es01 --net elastic -p 9200:9200 -it docker.elastic.co/elasticsearch/elasticsearch:8.2.0

Typical output looks like this:

“message”:”setting initial configuration to
VotingConfiguration{ctI70l_oSP2CdfqghsmxHg}”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”main”,”log.logger”:”org.elasticsearch.cluster.coordination.Coordinator”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.275Z”, “log.level”: “INFO”,
“message”:”elected-as-master (1 nodes joined)[_FINISH_ELECTION
,
{04c692e5649b}{ctI70l_oSP2CdfqghsmxHg}{sGNr3YP5QFyO_65xs4ypjw}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}
completing election], term: 1, version: 1, delta: master node changed
{previous [], current
[{04c692e5649b}{ctI70l_oSP2CdfqghsmxHg}{sGNr3YP5QFyO_65xs4ypjw}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}]}”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.service.MasterService”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.309Z”, “log.level”: “INFO”,
“message”:”cluster UUID set to [Nl5mgdsyTOOFbO6NtuhVbA]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][cluster_coordination][T#1]”,”log.logger”:”org.elasticsearch.cluster.coordination.CoordinationState”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.343Z”, “log.level”: “INFO”,
“message”:”master node changed {previous [], current
[{04c692e5649b}{ctI70l_oSP2CdfqghsmxHg}{sGNr3YP5QFyO_65xs4ypjw}{172.18.0.2}{172.18.0.2:9300}{cdfhilmrstw}]},
term: 1, version: 1, reason: Publication{term=1, version=1}”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][clusterApplierService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.service.ClusterApplierService”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.400Z”, “log.level”: “INFO”,
“message”:”publish_address {172.18.0.2:9200}, bound_addresses
{0.0.0.0:9200}”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”main”,”log.logger”:”org.elasticsearch.http.AbstractHttpServerTransport”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.400Z”, “log.level”: “INFO”,
“message”:”started”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”main”,”log.logger”:”org.elasticsearch.node.Node”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.527Z”, “log.level”: “INFO”,
“message”:”recovered [0] indices into cluster_state”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.gateway.GatewayService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.866Z”, “log.level”: “INFO”,
“message”:”adding index template [.monitoring-es-mb] for index
patterns [.monitoring-es-8-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.925Z”, “log.level”: “INFO”,
“message”:”adding index template [.monitoring-kibana-mb] for index
patterns [.monitoring-kibana-8-
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:12.987Z”, “log.level”: “INFO”,
“message”:”adding index template [.monitoring-beats-mb] for index
patterns [.monitoring-beats-8-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.034Z”, “log.level”: “INFO”,
“message”:”adding template [.monitoring-alerts-7] for index patterns
[.monitoring-alerts-7]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.075Z”, “log.level”: “INFO”,
“message”:”adding template [.monitoring-logstash] for index patterns
[.monitoring-logstash-7-
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.123Z”, “log.level”: “INFO”,
“message”:”adding template [.monitoring-beats] for index patterns
[.monitoring-beats-7-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.175Z”, “log.level”: “INFO”,
“message”:”adding template [.monitoring-kibana] for index patterns
[.monitoring-kibana-7-
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.228Z”, “log.level”: “INFO”,
“message”:”adding index template [.monitoring-ent-search-mb] for index
patterns [.monitoring-ent-search-8-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.276Z”, “log.level”: “INFO”,
“message”:”adding template [.monitoring-es] for index patterns
[.monitoring-es-7-
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.335Z”, “log.level”: “INFO”,
“message”:”adding index template [.ml-notifications-000002] for index
patterns [.ml-notifications-000002]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.376Z”, “log.level”: “INFO”,
“message”:”adding index template [.ml-stats] for index patterns
[.ml-stats-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.408Z”, “log.level”: “INFO”,
“message”:”adding index template [.ml-state] for index patterns
[.ml-state
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.453Z”, “log.level”: “INFO”,
“message”:”adding index template [.ml-anomalies-] for index patterns
[.ml-anomalies-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.495Z”, “log.level”: “INFO”,
“message”:”adding index template [.monitoring-logstash-mb] for index
patterns [.monitoring-logstash-8-
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.526Z”, “log.level”: “INFO”,
“message”:”adding component template [synthetics-mappings]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.559Z”, “log.level”: “INFO”,
“message”:”adding component template [metrics-mappings]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.591Z”, “log.level”: “INFO”,
“message”:”adding component template [logs-settings]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.621Z”, “log.level”: “INFO”,
“message”:”adding component template [metrics-settings]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.648Z”, “log.level”: “INFO”,
“message”:”adding component template [synthetics-settings]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.684Z”, “log.level”: “INFO”,
“message”:”adding component template [data-streams-mappings]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.715Z”, “log.level”: “INFO”,
“message”:”adding component template [logs-mappings]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.770Z”, “log.level”: “INFO”,
“message”:”adding index template [.watch-history-16] for index
patterns [.watcher-history-16]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.803Z”, “log.level”: “INFO”,
“message”:”adding index template [ilm-history] for index patterns
[ilm-history-5
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.835Z”, “log.level”: “INFO”,
“message”:”adding index template [.slm-history] for index patterns
[.slm-history-5]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.867Z”, “log.level”: “INFO”,
“message”:”adding component template
[.deprecation-indexing-mappings]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.896Z”, “log.level”: “INFO”,
“message”:”adding component template
[.deprecation-indexing-settings]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.932Z”, “log.level”: “INFO”,
“message”:”adding index template [metrics] for index patterns
[metrics-
-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.962Z”, “log.level”: “INFO”,
“message”:”adding index template [synthetics] for index patterns
[synthetics-
-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:13.991Z”, “log.level”: “INFO”,
“message”:”adding index template [logs] for index patterns
[logs-
-]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.023Z”, “log.level”: “INFO”,
“message”:”adding index template [.deprecation-indexing-template] for
index patterns [.logs-deprecation.
]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.cluster.metadata.MetadataIndexTemplateService”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.047Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [ml-size-based-ilm-policy]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.105Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [.monitoring-8-ilm-policy]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.132Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [logs]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.154Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [synthetics]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.174Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [metrics]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.196Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [7-days-default]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.225Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [30-days-default]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.245Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [90-days-default]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.267Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [180-days-default]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.288Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [365-days-default]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.308Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy
[watch-history-ilm-policy-16]”, “ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.327Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [ilm-history-ilm-policy]”,
“ecs.version”:
“1.2.0”,”service.name”:”ES_ECS”,”event.dataset”:”elasticsearch.server”,”process.thread.name”:”elasticsearch[04c692e5649b][masterService#updateTask][T#1]”,”log.logger”:”org.elasticsearch.xpack.ilm.action.TransportPutLifecycleAction”,”elasticsearch.cluster.uuid”:”Nl5mgdsyTOOFbO6NtuhVbA”,”elasticsearch.node.id”:”ctI70l_oSP2CdfqghsmxHg”,”elasticsearch.node.name”:”04c692e5649b”,”elasticsearch.cluster.name”:”docker-cluster”}
{“@timestamp”:”2022-05-12T06:36:14.348Z”, “log.level”: “INFO”,
“message”:”adding index lifecycle policy [slm-history-ilm-policy]”,
“ecs.version”:

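The following can be read from the output:

  1. The OpenJDK version in use: Eclipse Adoptium/OpenJDK 64-Bit Server VM/18/18+36.
  2. The G1-specific JVM options, which are instructive for memory tuning.
  3. The password and certificate fingerprint generated automatically by the security features: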

-> Elasticsearch security features have been automatically configured!
-> Authentication is enabled and cluster connections are encrypted.

-> Password for the elastic user (reset with bin/elasticsearch-reset-password -u elastic): it=PxRkb*VsPzKchEfTn

-> HTTP CA certificate SHA-256 fingerprint: e1b2a07b50d1844384311f5d12bbe99ba36b3bcbf26e7f3523837a3a540f0cd4

  4. The enrollment tokens are as follows:

-> Configure Kibana to use this cluster:

  • Run Kibana and click the configuration link in the terminal when Kibana starts.
  • Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
    eyJ2ZXIiOiI4LjIuMCIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiZTFiMmEwN2I1MGQxODQ0Mzg0MzExZjVkMTJiYmU5OWJhMzZiM2JjYmYyNmU3ZjM1MjM4MzdhM2E1NDBmMGNkNCIsImtleSI6ImdvSDd0b0FCazVuNlRPMEZrQXJuOl93dUlwUTg4UzNpaWVUS25EUVJoY3cifQ==

-> Configure other nodes to join this cluster:

  • Copy the following enrollment token and start new Elasticsearch nodes with bin/elasticsearch --enrollment-token <token> (valid for
    the next 30 minutes):
    eyJ2ZXIiOiI4LjIuMCIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiZTFiMmEwN2I1MGQxODQ0Mzg0MzExZjVkMTJiYmU5OWJhMzZiM2JjYmYyNmU3ZjM1MjM4MzdhM2E1NDBmMGNkNCIsImtleSI6ImdZSDd0b0FCazVuNlRPMEZrQXJuOnB5V1dNckFPVEFtOXhuUzNTaDZ0cncifQ==

    If you’re running in Docker, copy the enrollment token and run:
    docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.2.0

Start a new node with the enrollment token:

# Run a new container using an environment variable + the enrollment token + the elastic network
docker run -e "ENROLLMENT_TOKEN=eyJ2ZXIiOiI4LjIuMCIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiZTFiMmEwN2I1MGQxODQ0Mzg0MzExZjVkMTJiYmU5OWJhMzZiM2JjYmYyNmU3ZjM1MjM4MzdhM2E1NDBmMGNkNCIsImtleSI6ImdZSDd0b0FCazVuNlRPMEZrQXJuOnB5V1dNckFPVEFtOXhuUzNTaDZ0cncifQ==" --net elastic docker.elastic.co/elasticsearch/elasticsearch:8.2.0

Copy the certificate out of the container:

docker cp es01:/usr/share/elasticsearch/config/certs/http_ca.crt .

Try calling curl with the certificate:

curl --cacert http_ca.crt -u elastic https://localhost:9200

This returns the following:

{
  "name" : "0bf06961a99d",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "riLsc0uSSRS_Brmk1qHFIw",
  "version" : {
    "number" : "8.2.0",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "b174af62e8dd9f4ac4d25875e9381ffe2b9282c5",
    "build_date" : "2022-04-20T10:35:10.180408517Z",
    "build_snapshot" : false,
    "lucene_version" : "9.1.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
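The enrollment token printed above is base64-encoded JSON: its `fgr` field carries the same CA fingerprint that the startup output shows, and its `key` field is an API key, so the token should be handled as a credential. The following Python is an added example (not from the original page or from Elastic) that decodes a token and checks its pinned fingerprint against a copied `http_ca.crt`; the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import ssl

REQUIRED_FIELDS = ("ver", "adr", "fgr", "key")


def decode_enrollment_token(token: str) -> dict:
    """Decode the base64 JSON payload of an enrollment token and check its shape."""
    try:
        payload = json.loads(base64.b64decode(token.strip(), validate=True))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise ValueError(f"not a valid enrollment token: {exc}") from exc
    if not isinstance(payload, dict):
        raise ValueError("enrollment token payload is not a JSON object")
    missing = [name for name in REQUIRED_FIELDS if name not in payload]
    if missing:
        raise ValueError(f"enrollment token lacks fields: {missing}")
    return payload


def pem_sha256_fingerprint(pem_text: str) -> str:
    """Hex SHA-256 over the DER bytes of a PEM certificate such as http_ca.crt."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def check_token_against_ca(token: str, ca_pem: str) -> dict:
    """Compare the CA fingerprint pinned in the token with the CA file on disk."""
    payload = decode_enrollment_token(token)
    pinned = str(payload["fgr"]).lower()
    actual = pem_sha256_fingerprint(ca_pem)
    return {
        "version": payload["ver"],
        "addresses": payload["adr"],
        "fingerprint_matches": hmac.compare_digest(pinned.encode(), actual.encode()),
        # Report only the API key id; the part after ':' is the secret.
        "api_key_id": str(payload["key"]).split(":", 1)[0],
    }


# Constructed sample data: the "DER" bytes are a stand-in, not a real certificate,
# which is enough here because the fingerprint is SHA-256 over those bytes.
SAMPLE_CA_DER = b"constructed stand-in for the DER bytes of http_ca.crt"
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_CA_DER)
SAMPLE_OTHER_CA_PEM = ssl.DER_cert_to_PEM_cert(b"constructed bytes of a different CA")
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.2.0",
    "adr": ["172.18.0.2:9200"],
    "fgr": hashlib.sha256(SAMPLE_CA_DER).hexdigest(),
    "key": "constructed-key-id:constructed-key-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(check_token_against_ca(SAMPLE_TOKEN, SAMPLE_CA_PEM))
    print(check_token_against_ca(SAMPLE_TOKEN, SAMPLE_OTHER_CA_PEM))
```

A mismatch means the CA file on disk is not the one the token was issued for, for example after the container was recreated and new certificates were generated.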

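How to exit and restart the container:

# Press Ctrl+C to exit

# List all containers
docker ps -a
# Restart a container by name (es01 is the node started above)
docker restart es01

TODO: How do you restart a Docker container simply and correctly, especially when the cluster has its own cluster startup algorithm?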

Start Kibana:

docker run --name kibana --net elastic -p 5601:5601 docker.elastic.co/kibana/kibana:8.2.0

Regenerate the enrollment token:

# Run the command under bin; the arguments and options after it are passed to the command inside the container
docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

Start a second node; note the name es02:

docker run -e ENROLLMENT_TOKEN="<token>" --name es02 --net elastic -it docker.elastic.co/elasticsearch/elasticsearch:8.2.0

Set the Elasticsearch startup configuration through environment variables:

# The standard approach is to mount the JVM options onto a specific file
# To manually set the heap size in production, bind mount a JVM options file under /usr/share/elasticsearch/config/jvm.options.d that includes your desired heap size settings.
# For testing, you can also manually set the heap size using the ES_JAVA_OPTS environment variable. For example, to use 16GB, specify -e ES_JAVA_OPTS="-Xms16g -Xmx16g" with docker run. The ES_JAVA_OPTS variable overrides all other JVM options. We do not recommend using ES_JAVA_OPTS in production. The docker-compose.yml file above sets the heap size to 512MB.
# -e sets an environment variable; here it carries ES_JAVA_OPTS
docker run -e ES_JAVA_OPTS="-Xms1g -Xmx1g" -e ENROLLMENT_TOKEN="<token>" --name es02 -p 9201:9200 --net elastic -it docker.elastic.co/elasticsearch/elasticsearch:8.2.0

Start the Elastic Stack with Docker Compose

Two configuration files are needed; the originals they are based on are in elastic/elasticsearch.

.env:

# strong password
# Password for the 'elastic' user (at least 6 characters)
ELASTIC_PASSWORD=byebye1234568*&^

# Password for the 'kibana_system' user (at least 6 characters)
KIBANA_PASSWORD=byebye1234568*&^

# Version of Elastic products
STACK_VERSION=8.2.0

# Set the cluster name
# CLUSTER_NAME=docker-cluster
CLUSTER_NAME=magicliang-elk-cluster

# Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
#LICENSE=trial

# Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200
#ES_PORT=127.0.0.1:9200

# Port to expose Kibana to the host
KIBANA_PORT=5601
#KIBANA_PORT=80

# About 1 GB of memory
# Increase or decrease based on the available host memory (in bytes)
MEM_LIMIT=1073741824

# Project namespace (defaults to the current folder name if not set)
COMPOSE_PROJECT_NAME=agicliang-elk-cluster-project
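A small audit of the `.env` file above, as an added example (not from the original page or the Elastic repository): with `ES_PORT=9200` Docker publishes the port on every host interface, whereas the commented `127.0.0.1:9200` form keeps it on loopback, and the file gives `elastic` and `kibana_system` the same password. The function names and the sample values are constructed for illustration.

```python
LOOPBACK_PREFIXES = ("127.0.0.1:", "[::1]:")
MIN_PASSWORD_LENGTH = 6  # the minimum stated in the .env comments
PORT_KEYS = ("ES_PORT", "KIBANA_PORT")
PASSWORD_KEYS = ("ELASTIC_PASSWORD", "KIBANA_PASSWORD")


def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines of a compose .env file, skipping comments and blanks."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # passwords may themselves contain '='
        values[key.strip()] = value.strip()
    return values


def audit_env(values: dict) -> list:
    """Return (key, finding) pairs for settings to change before real use."""
    findings = []
    for key in PORT_KEYS:
        spec = values.get(key, "")
        if spec and not spec.startswith(LOOPBACK_PREFIXES):
            port = spec.rsplit(":", 1)[-1]
            findings.append((key, f"published on all host interfaces; "
                                  f"use 127.0.0.1:{port} to keep it local"))
    for key in PASSWORD_KEYS:
        if len(values.get(key, "")) < MIN_PASSWORD_LENGTH:
            findings.append((key, f"shorter than {MIN_PASSWORD_LENGTH} characters"))
    elastic = values.get("ELASTIC_PASSWORD", "")
    if elastic and elastic == values.get("KIBANA_PASSWORD"):
        findings.append(("KIBANA_PASSWORD",
                         "same as ELASTIC_PASSWORD, so the Kibana container's "
                         "environment also reveals the superuser password"))
    return findings


# Constructed samples in the layout of the .env above (not the page's values).
SAMPLE_ENV = """\
ELASTIC_PASSWORD=constructed-Passw0rd
KIBANA_PASSWORD=constructed-Passw0rd
STACK_VERSION=8.2.0
ES_PORT=9200
#ES_PORT=127.0.0.1:9200
KIBANA_PORT=127.0.0.1:5601
"""
SAMPLE_ENV_HARDENED = """\
ELASTIC_PASSWORD=constructed-Passw0rd-one
KIBANA_PASSWORD=constructed-Passw0rd-two
ES_PORT=127.0.0.1:9200
KIBANA_PORT=127.0.0.1:5601
"""

if __name__ == "__main__":
    for key, finding in audit_env(parse_env(SAMPLE_ENV)):
        print(f"{key}: {finding}")
```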

docker-compose.yml:

version: "2.2"

services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es02:
    depends_on:
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata02:/usr/share/elasticsearch/data
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es03:
    depends_on:
      - es02
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata03:/usr/share/elasticsearch/data
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
      es02:
        condition: service_healthy
      es03:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  esdata02:
    driver: local
  esdata03:
    driver: local
  kibanadata:
    driver: local

How to bind multiple domain names to one IP:

"instances:\n"\
"  - name: es01\n"\
"    dns:\n"\
"      - es01\n"\
"      - localhost\n"\
"    ip:\n"\
"      - 127.0.0.1\n"\

# Start and tear down the compose stack
docker-compose up -d
# -v also removes the named volumes (certs, data)
docker-compose down -v

Elasticsearch recommends bind-mounting external files, so that the startup configuration can be changed from outside the container instead of being edited inside it:

volumes:
  - ./es01.yml:/usr/share/elasticsearch/config/elasticsearch.yml
  - ...
volumes:
  - ./kibana.yml:/usr/share/kibana/config/kibana.yml
  - ...

Kibana

Kibana.xmind

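Basic steps

The latest version of the 《Kibana 用户手册》 (Kibana User Guide)

  1. Install ES (mind version compatibility).
  2. Install Kibana (mind version compatibility).
  3. Create indices in ES (if you use Logstash, the indices may be created automatically).
  4. Choose an index pattern in Kibana (remember to use a wildcard); otherwise logstash-* is used. Historically, an index could express event time in one of two ways:
    1. The documents in the index carry a time field (Index contains time-based events).
    2. The index name carries a timestamp (Use event times to create index names [DEPRECATED], deprecated long ago. That said, using an index alias plus a time-sharded index suffix in ES is still a best practice).
  5. Create a search in Discover and save it.
  6. Create a visualization from the search.
  7. Create a dashboard from the visualizations.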

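Search

A single-line input is suited to a one-line Lucene DSL query rather than a complex ES query body (in a program, of course, an abstract API is still the better choice).

For common query syntax, see 《Kibana查询语法详解》 or 《ELK:kibana使用的lucene查询语法》; underneath, it is backed by the ES query string syntax.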

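The Discover page

Note that a saved page does not include the time information.

The Visualize page

For the y-axis you can choose among aggregation functions such as sum, count and avg.
For the x-axis you choose among aggregation types (these are not functions but chart-oriented aggregations), each of which lets you pick document fields of the types suited to that aggregation. Sometimes you also have to choose an interval.

Another example:

Here you can choose the chart style:

Dashboard

Pay attention to the visualization's configuration: if a visualization is given too little space, the chart may not be drawn.

Text data, visualized:

Managing saved searches, visualizations and dashboards

Where saved objects are stored:

Indices

ES seems to understand several elements of an Apache log (request and so on) by default.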