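Why build a quality monitoring platform

  • Test data collection
  • Test data analysis
  • Test chart creation

Common technology architecture: Elastic Stack

Official site: https://www.elastic.co/cn/elastic-stack

The Elastic Stack consists of Elasticsearch, Kibana, Beats, and Logstash (also known as the ELK Stack). It can reliably and securely take data from any source, in any format, then search, analyze, and visualize it in real time.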

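Data sources and formats

  • Data sources: files, network, message pipelines
  • Formats: json, csv, single-line text such as nginx.log

Filebeat

A lightweight log shipper. Whether you are collecting from security devices, cloud, containers, hosts, or OT, Filebeat gives you a lightweight way to forward and centralize logs and files, keeping simple things simple. Official site: https://www.elastic.co/cn/beats/filebeat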

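Logstash

Centralize, transform, and stash your data. Logstash is a free and open server-side data processing pipeline that ingests data from multiple sources, transforms it, and then sends it to your favorite "stash". Official site: https://www.elastic.co/cn/logstash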

Logstash pipeline flow

Events pass through three stages in order: input, filter, output.

Installing and starting Logstash with Docker

  • Install

    [root@lvjing ~]# docker pull logstash:7.8.1
    7.8.1: Pulling from library/logstash
    ……
  • Start and enter the container

    • Copy the logstash.conf and logstash.yml files out of the container and put them in the logstash directory

      • Start a simple Logstash container

        [root@lvjing ~]# docker run -it --rm logstash:7.8.1 bash
      • Locate the configuration files inside the container

        [root@lvjing ~]# docker run -it --rm logstash:7.8.1 bash
        bash-4.2$ ls
        bin CONTRIBUTORS Gemfile lib logstash-core modules pipeline vendor
        config data Gemfile.lock LICENSE.txt logstash-core-plugin-api NOTICE.TXT tools x-pack
        bash-4.2$ ls
        bin CONTRIBUTORS Gemfile lib logstash-core modules pipeline vendor
        config data Gemfile.lock LICENSE.txt logstash-core-plugin-api NOTICE.TXT tools x-pack
        bash-4.2$ cd config/
        bash-4.2$ pwd
        /usr/share/logstash/config
        bash-4.2$ cd ..
        bash-4.2$ ls
        bin CONTRIBUTORS Gemfile lib logstash-core modules pipeline vendor
        config data Gemfile.lock LICENSE.txt logstash-core-plugin-api NOTICE.TXT tools x-pack
        bash-4.2$ cd pipeline/
        bash-4.2$ ls
        logstash.conf
        bash-4.2$ pwd
        /usr/share/logstash/pipeline
      • Copy the files from the container to the host. Note: this needs a new iTerm window

        [root@lvjing ~]# docker cp 2c5a63b842b3:/usr/share/logstash/config/logstash.yml /root/logstash/
        [root@lvjing ~]# docker cp 2c5a63b842b3:/usr/share/logstash/pipeline/logstash.conf /root/logstash/
        [root@lvjing ~]# cd logstash/
        [root@lvjing logstash]# ls
        logstash.conf logstash.yml
    • Edit the contents of logstash.conf and logstash.yml

      • logstash.conf contents:

        input {
          stdin {}
        }

        filter {
          json { source => "message" }
        }

        output {
          elasticsearch { hosts => ['127.0.0.1:9200'] }
          stdout {}
        }
      • logstash.yml (clear the file's contents); the lines to remove are:

        http.host: "0.0.0.0" # delete
        xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ] # delete
  • Start the container

    [root@lvjing ~]# docker run -it --rm -v $PWD/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf -v $PWD/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml -v $PWD/logstash/:/data/ logstash:7.8.1 --config.reload.automatic

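Logstash data processing

input {
  # read events line by line from standard input
  stdin {}
}

filter {
  # parse the "message" field of each event as JSON
  json { source => "message" }
}

output {
  # index events into Elasticsearch and echo them to the console
  elasticsearch { hosts => ['127.0.0.1:9200'] }
  stdout {}
}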

Common inputs

  • stdin {}
  • file { path => "/data/ELK/data/*.csv" }

Common filters

  • csv { columns => ["log_time", "real_ip", "status", "http_user_agent"] }
  • json { source => "message" }

Common outputs

  • elasticsearch { hosts => ["x.x.x.x"] }
  • stdout {}

ElasticSearch

Database comparison

MySQL                     ElasticSearch
Database                  Index
Table                     Type
Row                       Document
Column                    Field
Schema                    Mapping
Index                     Everything is indexed
SQL                       Query DSL
SELECT * FROM table …     GET http://
UPDATE table SET …        PUT http://

Installing and starting ES with Docker

  • Install

    [root@lvjing ~]# docker pull elasticsearch:7.8.1
    7.8.1: Pulling from library/elasticsearch
    ……
  • Start. ES is very memory-hungry, so start it with explicit JVM options

    [root@lvjing ~]# docker run -d --name es -p 9200:9200 -p 9300:9300 -e ES_JAVA_OPTS="-Xms128m -Xmx128m" -e "discovery.type=single-node" elasticsearch:7.8.1
    • -d: run in the background
  • Startup error and how to fix it

    [root@lvjing ~]# docker logs -f 5c6baa870dd8

  • Fix

    1. On the CentOS VM, edit sysctl.conf

      • vim /etc/sysctl.conf
    2. Add the following setting

      • vm.max_map_count=262144

    3. Apply the setting

      • sysctl -p
      [root@localhost ~]# sysctl -p
      vm.max_map_count = 262144
  • Restart the container

    [root@lvjing ~]# docker restart 5c6baa870dd8

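    Check the logs again and the error no longer appears.

Data indexing exercise

URL: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/getting-started-index.html

Hands-on demo

  • From the local machine, send data to the ES service to create a document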

    jingdeMacBook-Pro:~ apple$ curl -X PUT "xx.xx.xx.xx:9200/customer/_doc/1?pretty" -H 'Content-Type: application/json' -d '{"name":"Hello ES"}'
    {
      "_index" : "customer",
      "_type" : "_doc",
      "_id" : "1",
      "_version" : 1,
      "result" : "created",
      "_shards" : {
        "total" : 2,
        "successful" : 1,
        "failed" : 0
      },
      "_seq_no" : 0,
      "_primary_term" : 1
    }

    In the same way, create two more documents.

  • Retrieve a created document

    jingdeMacBook-Pro:~ apple$ curl -X GET "xx.xx.xx.xx:9200/customer/_doc/2?pretty"
    {
      "_index" : "customer",
      "_type" : "_doc",
      "_id" : "2",
      "_version" : 1,
      "_seq_no" : 1,
      "_primary_term" : 1,
      "found" : true,
      "_source" : {
        "name" : "Hello World"
      }
    }
  • Search the created documents

    jingdeMacBook-Pro:~ apple$ curl -X GET "xx.xx.xx.xx:9200/customer/_search?pretty" -H 'Content-Type: application/json' -d'{"query": { "match_all": {} }}'
    {
      "took" : 49,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : {
          "value" : 3,
          "relation" : "eq"
        },
        "max_score" : 1.0,
        "hits" : [
          {
            "_index" : "customer",
            "_type" : "_doc",
            "_id" : "1",
            "_score" : 1.0,
            "_source" : {
              "name" : "Hello ES"
            }
          },
          {
            "_index" : "customer",
            "_type" : "_doc",
            "_id" : "2",
            "_score" : 1.0,
            "_source" : {
              "name" : "Hello World"
            }
          },
          {
            "_index" : "customer",
            "_type" : "_doc",
            "_id" : "3",
            "_score" : 1.0,
            "_source" : {
              "name" : "Hello Java"
            }
          }
        ]
      }
    }
    jingdeMacBook-Pro:~ apple$ curl -X GET "xx.xx.xx.xx:9200/customer/_search?pretty" -H 'Content-Type: application/json' -d'{"query": { "match": { "name": "Java" } }}'
    {
      "took" : 2,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : {
          "value" : 1,
          "relation" : "eq"
        },
        "max_score" : 0.9808291,
        "hits" : [
          {
            "_index" : "customer",
            "_type" : "_doc",
            "_id" : "3",
            "_score" : 0.9808291,
            "_source" : {
              "name" : "Hello Java"
            }
          }
        ]
      }
    }

Kibana

Installing and starting Kibana with Docker

  • Install

    [root@lvjing ~]# docker pull kibana:7.8.1
    7.8.1: Pulling from library/kibana
    ……
  • Start:

    [root@lvjing ~]# docker run -d --name kibana --link es:elasticsearch -p 5601:5601 kibana:7.8.1
    0cbc5d4604f854d23a05d683cbb4b67e5a3fedfa071d635b633cab40e718989e
    • --link: links to another container, given as container name:hostname of that container
  • Open in a browser: http://xx.xx.xxx.xx:5601/

    The first visit takes a while to load, so be patient.

    Kibana provides sample data sets; click through and pick the samples you need.

APM

Application Performance Monitoring (APM). APM usage instructions: http://xx.xxx.xxx.xxx:5601/app/kibana#/home/tutorial/apm

  • Install

    [root@lvjing ~]# docker pull docker.elastic.co/apm/apm-server:7.8.1
    7.8.1: Pulling from apm/apm-server
    ……
  • Start

    [root@lvjing ~]# docker run -d --name=apm-server --user=apm-server -p 8200:8200 --link es:elasticsearch docker.elastic.co/apm/apm-server:7.8.1 --strict.perms=false -e -E output.elasticsearch.hosts=["elasticsearch:9200"]
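
Each `docker run` above publishes its port as `-p host_port:container_port` with no host address, which by default makes Docker bind it on every interface, and the curl calls earlier reach Elasticsearch on 9200 without credentials. The added check below (not part of the original post; `audit_published_ports` is a hypothetical helper name) lists the host ports a command line exposes that way, run on the page's Elasticsearch command and on a constructed loopback-bound variant.

```shell
#!/bin/sh
# Added example, not from the original post.
# Docker's -p/--publish syntax is [host_ip:]host_port:container_port[/proto].
# With no host_ip (or 0.0.0.0 / [::]) the port is bound on every interface.

# audit_published_ports "<docker run command line>"
# Prints the host ports published on all interfaces, space separated.
# Runs in a subshell with globbing off so words like ["es:9200"] stay literal.
audit_published_ports() (
    set -f
    exposed=""
    want_mapping=0
    for word in $1; do            # plain whitespace split; fine for these commands
        mapping=""
        if [ "$want_mapping" -eq 1 ]; then
            mapping=$word
            want_mapping=0
        else
            case $word in
                -p|--publish) want_mapping=1 ;;
                --publish=*)  mapping=${word#--publish=} ;;
                -p?*)         mapping=${word#-p} ;;
            esac
        fi
        case $mapping in
            *:*) ;;               # has a host part
            *)   continue ;;      # not a mapping, or container port only
        esac
        mapping=${mapping%/*}     # drop /tcp or /udp
        host_part=${mapping%:*}   # [host_ip:]host_port
        host_port=${host_part##*:}
        case $host_part in
            *:*) host_ip=${host_part%:*} ;;
            *)   host_ip="" ;;
        esac
        case $host_ip in
            ""|0.0.0.0|"[::]") exposed="${exposed:+$exposed }$host_port" ;;
        esac
    done
    printf '%s\n' "$exposed"
)

# The page's Elasticsearch command: prints "9200 9300".
audit_published_ports 'docker run -d --name es -p 9200:9200 -p 9300:9300 -e ES_JAVA_OPTS="-Xms128m -Xmx128m" -e "discovery.type=single-node" elasticsearch:7.8.1'
# Constructed variant bound to loopback: prints an empty line.
audit_published_ports 'docker run -d --name es -p 127.0.0.1:9200:9200 -p 127.0.0.1:9300:9300 elasticsearch:7.8.1'
```

Binding to `127.0.0.1`, as in the second command, keeps the port reachable only from the Docker host itself.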