
Elasticsearch Query Input Plugin

This plugin queries Elasticsearch instances to obtain metrics from the data stored in the cluster. It supports counting the number of hits for a search query, computing statistics of numeric fields, filtering by query, aggregating by tags, and counting the number of terms for particular fields.

This plugin supports Elasticsearch 5.x and 6.x but is known to break on 7.x or higher.

Introduced in: Telegraf v1.20.0. Tags: datastore. OS support: all.

Global configuration options

Plugins support additional global and plugin configuration settings that are used for tasks such as modifying metrics, tags and fields, creating aliases, and configuring plugin ordering. See CONFIGURATION.md for more details.

Configuration

# Derive metrics from aggregating Elasticsearch query results
[[inputs.elasticsearch_query]]
  ## The full HTTP endpoint URL for your Elasticsearch instance
  ## Multiple urls can be specified as part of the same cluster,
  ## this means that only ONE of the urls will be written to each interval.
  urls = [ "http://node1.es.example.com:9200" ] # required.

  ## Elasticsearch client timeout, defaults to "5s".
  # timeout = "5s"

  ## Set to true to ask Elasticsearch a list of all cluster nodes,
  ## thus it is not necessary to list all nodes in the urls config option
  # enable_sniffer = false

  ## Set the interval to check if the Elasticsearch nodes are available
  ## This option is only used if enable_sniffer is also set (0s to disable it)
  # health_check_interval = "10s"

  ## HTTP basic authentication details (eg. when using x-pack)
  # username = "telegraf"
  # password = "mypassword"

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = false
 
  ## If 'use_system_proxy' is set to true, Telegraf will check env vars such as
  ## HTTP_PROXY, HTTPS_PROXY, and NO_PROXY (or their lowercase counterparts).
  ## If 'use_system_proxy' is set to false (default) and 'http_proxy_url' is
  ## provided, Telegraf will use the specified URL as HTTP proxy.
  # use_system_proxy = false
  # http_proxy_url = "https://:8888"

  [[inputs.elasticsearch_query.aggregation]]
    ## measurement name for the results of the aggregation query
    measurement_name = "measurement"

    ## Elasticsearch indexes to query (accept wildcards).
    index = "index-*"

    ## The date/time field in the Elasticsearch index (mandatory).
    date_field = "@timestamp"

    ## If the field used for the date/time field in Elasticsearch is also using
    ## a custom date/time format it may be required to provide the format to
    ## correctly parse the field.
    ##
    ## If using one of the built in elasticsearch formats this is not required.
    # date_field_custom_format = ""

    ## Time window to query (eg. "1m" to query documents from last minute).
    ## Normally should be set to same as collection interval
    query_period = "1m"

    ## Lucene query to filter results
    # filter_query = "*"

    ## Fields to aggregate values (must be numeric fields)
    # metric_fields = ["metric"]

    ## Aggregation function to use on the metric fields
    ## Must be set if 'metric_fields' is set
    ## Valid values are: avg, sum, min, max
    # metric_function = "avg"

    ## Fields to be used as tags
    ## Must be text, non-analyzed fields. Metric aggregations are performed
    ## per tag
    # tags = ["field.keyword", "field2.keyword"]

    ## Set to true to not ignore documents when the tag(s) above are missing
    # include_missing_tag = false

    ## String value of the tag when the tag does not exist
    ## Used when include_missing_tag is true
    # missing_tag_value = "null"

Examples

Please note that all of the following examples still require the enclosing [[inputs.elasticsearch_query]] section.

Search the average response time, per URI and per response status code

[[inputs.elasticsearch_query.aggregation]]
  measurement_name = "http_logs"
  index = "my-index-*"
  filter_query = "*"
  metric_fields = ["response_time"]
  metric_function = "avg"
  tags = ["URI.keyword", "response.keyword"]
  include_missing_tag = true
  missing_tag_value = "null"
  date_field = "@timestamp"
  query_period = "1m"

Search the maximum response time, per method and per URI

[[inputs.elasticsearch_query.aggregation]]
  measurement_name = "http_logs"
  index = "my-index-*"
  filter_query = "*"
  metric_fields = ["response_time"]
  metric_function = "max"
  tags = ["method.keyword","URI.keyword"]
  include_missing_tag = false
  missing_tag_value = "null"
  date_field = "@timestamp"
  query_period = "1m"

Search the number of documents matching the filter query across all indices

[[inputs.elasticsearch_query.aggregation]]
  measurement_name = "http_logs"
  index = "*"
  filter_query = "product_1 AND HEAD"
  query_period = "1m"
  date_field = "@timestamp"

Search the number of documents matching the filter query, returned per response status code

[[inputs.elasticsearch_query.aggregation]]
  measurement_name = "http_logs"
  index = "*"
  filter_query = "downloads"
  tags = ["response.keyword"]
  include_missing_tag = false
  date_field = "@timestamp"
  query_period = "1m"

Required parameters

  • measurement_name: The target measurement used to store the results of the aggregation query.
  • index: The index name to query in Elasticsearch.
  • query_period: The time window to query (e.g. "1m" to query documents from the last minute). Normally this should be set to the same value as the collection interval.
  • date_field: The date/time field in the Elasticsearch index.

Optional parameters

  • date_field_custom_format: Not needed if one of the built-in Elasticsearch date/time formats is used, but may be required if a custom date/time format is used. The format syntax uses the Joda date format.
  • filter_query: Lucene query used to filter the results (defaults to "*").
  • metric_fields: The list of fields on which to perform the metric aggregation (these fields must be indexed as numeric fields).
  • metric_function: The single-value metric aggregation function to perform on the defined metric_fields. Currently supported aggregations are "avg", "min", "max" and "sum" (see the aggregation documentation).
  • tags: The list of fields to be used as tags (these fields must be indexed as non-analyzed fields). A "terms aggregation" is performed for each tag defined.
  • include_missing_tag: Set to true to not ignore documents in which the tags specified above do not exist. (If false, documents without the specified tag fields are ignored in doc_count and in the metric aggregation.)
  • missing_tag_value: The tag value set for documents in which the tag field does not exist. Only used when include_missing_tag is set to true.
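To make the relationship between the aggregation keys above and the request the plugin has to send to Elasticsearch concrete, the following added example (not the plugin's own code, and not part of the original page) builds the search body for one [[inputs.elasticsearch_query.aggregation]] block and flattens a response of the matching shape into (measurement, tags, fields) rows. The query structure (a range filter on date_field over the last query_period, a query_string filter, one nested terms aggregation per tag with a missing value when include_missing_tag is set, and a single-value metric aggregation per metric field) follows the parameter descriptions; the terms bucket size of 1000, the aggregation names, and the output field naming "<field>_<function>" are assumptions of this example. The configurations and the response document are constructed sample data.

```python
import json

# Aggregation functions the configuration allows for metric_function.
VALID_FUNCTIONS = {"avg", "sum", "min", "max"}

# Constructed configuration mirroring the keys of one
# [[inputs.elasticsearch_query.aggregation]] block (values are made up).
EXAMPLE_AGGREGATION = {
    "measurement_name": "http_logs",
    "index": "my-index-*",
    "date_field": "@timestamp",
    "query_period": "1m",
    "filter_query": "*",
    "metric_fields": ["response_time"],
    "metric_function": "avg",
    "tags": ["URI.keyword", "response.keyword"],
    "include_missing_tag": True,
    "missing_tag_value": "null",
}

# Constructed count-only configuration: no tags, no metric fields.
COUNT_ONLY_AGGREGATION = {
    "measurement_name": "http_logs",
    "index": "*",
    "filter_query": "product_1 AND HEAD",
    "query_period": "1m",
    "date_field": "@timestamp",
}


def build_query(agg):
    """Return the Elasticsearch search body for one aggregation block."""
    function = agg.get("metric_function")
    metric_fields = agg.get("metric_fields") or []
    if metric_fields and function not in VALID_FUNCTIONS:
        raise ValueError("metric_function must be one of avg, sum, min, max when metric_fields is set")
    # Only documents from the last query_period; a custom date format, if any,
    # is passed so the range bounds are parsed correctly.
    time_range = {"gte": "now-" + agg["query_period"], "lte": "now"}
    if agg.get("date_field_custom_format"):
        time_range["format"] = agg["date_field_custom_format"]
    body = {
        "size": 0,  # no hits are returned, only the count and the aggregations
        "query": {"bool": {"filter": [
            {"range": {agg["date_field"]: time_range}},
            {"query_string": {"query": agg.get("filter_query") or "*"}},
        ]}},
    }
    # Innermost level: one single-value metric aggregation per metric field.
    aggs = {f"{function}_{f}": {function: {"field": f}} for f in metric_fields}
    # Wrap a terms aggregation per tag, last tag first, so that the first tag
    # in the list becomes the outermost bucket level.
    for tag in reversed(agg.get("tags") or []):
        terms = {"field": tag, "size": 1000}  # bucket limit is an assumption
        if agg.get("include_missing_tag"):
            # Documents lacking the field land in a bucket keyed by this value.
            terms["missing"] = agg.get("missing_tag_value", "null")
        level = {"terms": terms}
        if aggs:
            level["aggs"] = aggs
        aggs = {tag: level}
    if aggs:
        body["aggs"] = aggs
    return body


def flatten_response(agg, response):
    """Walk nested terms buckets and emit (measurement, tags, fields) rows."""
    tags = agg.get("tags") or []
    function = agg.get("metric_function")
    metric_fields = agg.get("metric_fields") or []
    rows = []

    def fields_of(node):
        fields = {"doc_count": node["doc_count"]}
        for f in metric_fields:
            value = node.get(f"{function}_{f}", {}).get("value")
            if value is not None:
                fields[f"{f}_{function}"] = value  # output naming is an assumption
        return fields

    def walk(node, depth, tag_values):
        if depth == len(tags):
            rows.append((agg["measurement_name"], tag_values, fields_of(node)))
            return
        tag = tags[depth]
        for bucket in node[tag]["buckets"]:
            walk(bucket, depth + 1, {**tag_values, tag: bucket["key"]})

    # Without tags the whole result set is one bucket whose count is hits.total
    # (an integer in Elasticsearch 5.x/6.x).
    root = dict(response.get("aggregations") or {})
    root["doc_count"] = response["hits"]["total"]
    walk(root, 0, {})
    return rows


# Constructed response of the shape build_query(EXAMPLE_AGGREGATION) produces.
SAMPLE_RESPONSE = {
    "hits": {"total": 3},
    "aggregations": {"URI.keyword": {"buckets": [
        {"key": "/index.html", "doc_count": 2, "response.keyword": {"buckets": [
            {"key": "200", "doc_count": 2, "avg_response_time": {"value": 12.5}}]}},
        {"key": "null", "doc_count": 1, "response.keyword": {"buckets": [
            {"key": "404", "doc_count": 1, "avg_response_time": {"value": 3.0}}]}},
    ]}},
}

if __name__ == "__main__":
    print(json.dumps(build_query(EXAMPLE_AGGREGATION), indent=2))
    for row in flatten_response(EXAMPLE_AGGREGATION, SAMPLE_RESPONSE):
        print(row)
```

Running the script prints the generated request body, which can be sent to a test cluster with the same credentials the plugin will use to confirm that the tag fields are keyword (non-analyzed) fields and the metric fields are numeric before the configuration is deployed. The "null" bucket in the sample response shows what include_missing_tag = true does: documents without URI.keyword are counted under the missing_tag_value instead of being dropped.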

Metrics

Example Output
