$ docker-compose up
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.dockerr-kibana.environment.ELASTICSEARCH_HOSTS contains ["http://host.docker.internal:9200", "http://host.docker.internal:9201", "http://host.docker.internal:9202"],
which is an invalid type, it should be a string, number, or a null
match_mapping_type) JSON 파서를 통해서 data type 을 detection 합니다. long, double 의 경우 integer 와 float 에 대한 정확한 detection 이 어렵기 때문에 항상 long 과 double 로 detection 하게 됩니다.
detection type 은 아래와 같습니다. - boolean - date - double - long - object - string
[Code Snippet from Elastic] - long type 으로 matching 된 것을 모두 integer 로 설정 하는 것과 - string type 으로 matching 된 것을 모두 text 와 fields 설정을 이용해서 keyword 로 설정 하는 것입니다.
match_pattern) 이 설정은 위에서 "match": "long_*" 과 같은 wildcard 패턴을 java 정규식으로 사용하기 위한 설정입니다.
[Code Snippet from Elastic]
"match_pattern": "regex",
"match": "^profit_\d+$"
path_match and path_unmatch) 이 설정은 nested 나 object field 에 대한 match, unmatch 와 동일한 설정 입니다.
% Nested field type The nested type is a specialised version of the object data type that allows arrays of objects to be indexed in a way that they can be queried independently of each other.
{name} and {dynamic_type} 이 설정은 field명을 {name} 으로 사용하고 matching 된 data type 을 {dynamic_type} 으로 사용하는 설정입니다.
[Code Snippet from Elastic] - analyzer 로 english analyer 를 사용 하겠다는 의미 입니다. {name} == "english" - {dynamic_type} == long 으로 매칭이 되었고 doc_values 를 사용하지 않겠다는 의미 입니다.
[discovery.seed_hosts]
Provides a list of the addresses of the master-eligible nodes in the cluster.
1. transport.profiles.default.port
2. transport.port
If neither of these is set then the default port is 9300.
$ bin/elasticsearch -d -p pid
$ bin/elasticsearch-setup-passwords interactive
에러 발생)
{
"error" : {
"root_cause" : [
{
"type" : "exception",
"reason" : "Security must be explicitly enabled when using a [basic] license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node."
}
],
"type" : "exception",
"reason" : "Security must be explicitly enabled when using a [basic] license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node."
},
"status" : 500
}
xpack security 설정)
$ vi config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
재실행)
$ bin/elasticsearch-setup-passwords interactive
$ bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N] y
Enter password for [elastic]: elastic
Reenter password for [elastic]: elastic
Enter password for [apm_system]: elastic
Reenter password for [apm_system]: elastic
Enter password for [kibana_system]: elastic
Reenter password for [kibana_system]: elastic
Enter password for [logstash_system]: elastic
Reenter password for [logstash_system]: elastic
Enter password for [beats_system]: elastic
Reenter password for [beats_system]: elastic
Enter password for [remote_monitoring_user]: elastic
Reenter password for [remote_monitoring_user]: elastic
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Kibana 설정)
$ vi config/kibana.yml
46 elasticsearch.username: "kibana_system"
47 elasticsearch.password: "elastic"
$ bin/kibana
Kibana 접속)
http://localhost:5601
ID/PWD
elastic/elastic
Kibana IngestManager 접속)
http://localhost:5601/app/ingestManager#/
Agent 사용을 위한 Kibana 추가 설정)
xpack.ingestManager.fleet.tlsCheckDisabled: true
xpack.encryptedSavedObjects.encryptionKey: a123456789012345678901234567890b
이후 단계는 아래 문서 대로 따라 합니다.)
https://www.elastic.co/guide/en/ingest-management/current/ingest-management-getting-started.html
./elastic-agent enroll http://localhost:5601 cEpibEtIUUI2akhoRVR0LWdwZVg6blhHNGdMeURUbVNPQUE0RS1GOFduUQ==
./elastic-agent run
$ ./elastic-agent enroll http://localhost:5601 cEpibEtIUUI2akhoRVR0LWdwZVg6blhHNGdMeURUbVNPQUE0RS1GOFduUQ==
The Elastic Agent is currently in BETA and should not be used in production
This will replace your current settings. Do you want to continue? [Y/n]: y
Error: connection to Kibana is insecure, strongly recommended to use a secure connection (override with --insecure)
$ ./elastic-agent enroll http://localhost:5601 cEpibEtIUUI2akhoRVR0LWdwZVg6blhHNGdMeURUbVNPQUE0RS1GOFduUQ== --insecure
The Elastic Agent is currently in BETA and should not be used in production
This will replace your current settings. Do you want to continue? [Y/n]:y
2020-08-26T14:06:01.782+0900 DEBUG kibana/client.go:170 Request method: POST, path: /api/ingest_manager/fleet/agents/enroll
Successfully enrolled the Agent.
$ ./elastic-agent run
Kibana IngestManager 확인)
http://localhost:5601/app/ingestManager#/
Elasticsearch + Kibana + ElasticAgent + Elastic Common Schema 구성이며, 기존에 beats 를 이용해서 log/data shipper 기능을 구현 하던걸 agent 하나로 대체 할 수 있을 것 같습니다.
더불어서 ECS 기반의 Kibana 에서 Dashboard 와 Visualize 에 대해서도 Preset 을 제공 하니 잘 활용하면 아주 멋질 것으로 기대 합니다.
# bin/elasticsearch-setup-passwords interactive Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system]
Changed password for user [remote_monitoring_user] Changed password for user [elastic]