如何获取我的 metricbeat 文件的系统参数值?
How to get values of my system parameters of my metricbeat file?
我是 ElasticStack 的新手,想从我的 .NET 核心项目中的 Metricbeat 获取 Cpu/Memory/diskio 等系统参数的值。
我想创建一个类似于 kibana 仪表板的页面。因此,我需要通过 query/API 从 metricbeat 文件中获取它们。
我写了下面的代码
ConnectionSettings connectionSettings;
ElasticClient elasticClient;
StaticConnectionPool connectionPool;
var nodes = new Uri[]
{
new Uri(_options.Value.ElasticSearchUrl),
};
connectionPool = new StaticConnectionPool(nodes);
string indexName = "metricbeat*";
connectionSettings = new ConnectionSettings(connectionPool).DefaultIndex(indexName);
elasticClient = new ElasticClient(connectionSettings);
var elasticResponse = await elasticClient.SearchAsync<object>(s => s.Size(1).
Query(q => q.Bool(b => b.Must(m => m.Range(r => r.Field("system.memory.actual.used.pct").GreaterThan(0).LessThan(1))))));
但是 elasticResponse 给我完整的命中细节如下
{
"took" : 35,
"timed_out" : false,
"_shards" : {
"total" : 15,
"successful" : 15,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [
{
"_index" : "metricbeat-7.4.2-2019.12.18",
"_type" : "_doc",
"_id" : "hIK-GG8BkfAhjYcrdBP2",
"_score" : null,
"_source" : {
"@timestamp" : "2019-12-18T11:22:11.595Z",
"host" : {
"name" : "a8a441269011"
},
"agent" : {
"id" : "7e4f3202-461e-4f8d-8144-d2db5556ca1b",
"version" : "7.4.2",
"type" : "metricbeat",
"ephemeral_id" : "348fb071-e058-411c-b781-8dd2ec445286",
"hostname" : "a8a441269011"
},
"event" : {
"dataset" : "system.memory",
"module" : "system",
"duration" : 389771
},
"metricset" : {
"name" : "memory",
"period" : 5000
},
"service" : {
"type" : "system"
},
"system" : {
"memory" : {
"total" : 33731682304,
"used" : {
"pct" : 0.762,
"bytes" : 25702785024
},
"free" : 8028897280,
"actual" : {
"free" : 23516848128,
"used" : {
"pct" : 0.3028,
"bytes" : 10214834176
}
},
"swap" : {
"total" : 1023406080,
"used" : {
"pct" : 0.0064,
"bytes" : 6553600
},
"free" : 1016852480
},
"hugepages" : {
"free" : 0,
"reserved" : 0,
"surplus" : 0,
"default_size" : 2097152,
"total" : 0,
"used" : {
"bytes" : 0,
"pct" : 0
}
}
}
},
"ecs" : {
"version" : "1.1.0"
}
},
"sort" : [
1576668131595
]
}
]
}
}
但我只想
"actual" : {
"free" : 23516848128,
"used" : {
"pct" : 0.3028,
"bytes" : 10214834176
}
}
请帮忙。
解决方案:
var elasticResponse = elasticClient.Search<object>(s => s
.DocValueFields(dvf => dvf.Fields("system.memory.*", "system.cpu.*"))
.Size(2)
);
你可以用source filtering告诉elasticsearch你对哪些字段感兴趣。
使用 NEST,您的搜索请求将类似于
var elasticResponse = await client.SearchAsync<object>(s => s
.Source(sf => sf.Includes(i => i.Fields("system.memory.actual.*")))
.Size(1)
.Query(q => q.Bool(b => b.Must(m =>
m.Range(r => r.Field("system.memory.actual.used.pct").GreaterThan(0).LessThan(1))))));
更新:
对于您的情况,您还可以使用 docvalue_fields 到 return 平面结构方式的字段列表。
var elasticResponse = await client.SearchAsync<object>(s => s
.DocValueFields("system.memory.actual.*")
.Size(1)
.Query(q => q.Bool(b => b.Must(m =>
m.Range(r => r.Field("system.memory.actual.used.pct").GreaterThan(0).LessThan(1))))));
foreach (var fields in elasticResponse.Fields)
{
foreach (var value in fields)
{
Console.WriteLine($"{value.Key}: {fields.Value<object>(value.Key)}");
}
}
产出
system.memory.actual.free: 23516848128
system.memory.actual.used.bytes: 10214834176
system.memory.actual.used.pct: 0.302799999713898
希望对您有所帮助。
我是 ElasticStack 的新手,想从我的 .NET 核心项目中的 Metricbeat 获取 Cpu/Memory/diskio 等系统参数的值。
我想创建一个类似于 kibana 仪表板的页面。因此,我需要通过 query/API 从 metricbeat 文件中获取它们。
我写了下面的代码
ConnectionSettings connectionSettings;
ElasticClient elasticClient;
StaticConnectionPool connectionPool;
var nodes = new Uri[]
{
new Uri(_options.Value.ElasticSearchUrl),
};
connectionPool = new StaticConnectionPool(nodes);
string indexName = "metricbeat*";
connectionSettings = new ConnectionSettings(connectionPool).DefaultIndex(indexName);
elasticClient = new ElasticClient(connectionSettings);
var elasticResponse = await elasticClient.SearchAsync<object>(s => s.Size(1).
Query(q => q.Bool(b => b.Must(m => m.Range(r => r.Field("system.memory.actual.used.pct").GreaterThan(0).LessThan(1))))));
但是 elasticResponse 给我完整的命中细节如下
{
"took" : 35,
"timed_out" : false,
"_shards" : {
"total" : 15,
"successful" : 15,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 10000,
"relation" : "gte"
},
"max_score" : null,
"hits" : [
{
"_index" : "metricbeat-7.4.2-2019.12.18",
"_type" : "_doc",
"_id" : "hIK-GG8BkfAhjYcrdBP2",
"_score" : null,
"_source" : {
"@timestamp" : "2019-12-18T11:22:11.595Z",
"host" : {
"name" : "a8a441269011"
},
"agent" : {
"id" : "7e4f3202-461e-4f8d-8144-d2db5556ca1b",
"version" : "7.4.2",
"type" : "metricbeat",
"ephemeral_id" : "348fb071-e058-411c-b781-8dd2ec445286",
"hostname" : "a8a441269011"
},
"event" : {
"dataset" : "system.memory",
"module" : "system",
"duration" : 389771
},
"metricset" : {
"name" : "memory",
"period" : 5000
},
"service" : {
"type" : "system"
},
"system" : {
"memory" : {
"total" : 33731682304,
"used" : {
"pct" : 0.762,
"bytes" : 25702785024
},
"free" : 8028897280,
"actual" : {
"free" : 23516848128,
"used" : {
"pct" : 0.3028,
"bytes" : 10214834176
}
},
"swap" : {
"total" : 1023406080,
"used" : {
"pct" : 0.0064,
"bytes" : 6553600
},
"free" : 1016852480
},
"hugepages" : {
"free" : 0,
"reserved" : 0,
"surplus" : 0,
"default_size" : 2097152,
"total" : 0,
"used" : {
"bytes" : 0,
"pct" : 0
}
}
}
},
"ecs" : {
"version" : "1.1.0"
}
},
"sort" : [
1576668131595
]
}
]
}
}
但我只想
"actual" : {
"free" : 23516848128,
"used" : {
"pct" : 0.3028,
"bytes" : 10214834176
}
}
请帮忙。
解决方案:
var elasticResponse = elasticClient.Search<object>(s => s
.DocValueFields(dvf => dvf.Fields("system.memory.*", "system.cpu.*"))
.Size(2)
);
你可以用source filtering告诉elasticsearch你对哪些字段感兴趣。 使用 NEST,您的搜索请求将类似于
var elasticResponse = await client.SearchAsync<object>(s => s
.Source(sf => sf.Includes(i => i.Fields("system.memory.actual.*")))
.Size(1)
.Query(q => q.Bool(b => b.Must(m =>
m.Range(r => r.Field("system.memory.actual.used.pct").GreaterThan(0).LessThan(1))))));
更新:
对于您的情况,您还可以使用 docvalue_fields 到 return 平面结构方式的字段列表。
var elasticResponse = await client.SearchAsync<object>(s => s
.DocValueFields("system.memory.actual.*")
.Size(1)
.Query(q => q.Bool(b => b.Must(m =>
m.Range(r => r.Field("system.memory.actual.used.pct").GreaterThan(0).LessThan(1))))));
foreach (var fields in elasticResponse.Fields)
{
foreach (var value in fields)
{
Console.WriteLine($"{value.Key}: {fields.Value<object>(value.Key)}");
}
}
产出
system.memory.actual.free: 23516848128
system.memory.actual.used.bytes: 10214834176
system.memory.actual.used.pct: 0.302799999713898
希望对您有所帮助。