通过monitoring-es索引查询集群历史状态
来自三线的随记
通过 monitoring-es 索引可以做到很多查询操作,例如
通过 monitoring-es 索引可以查到指定时间内 master 角色是否有漂移
GET /.monitoring-es-7-2025.04.27/_search
{
"_source":["source_node.name","node_stats.node_master"],
"query": {
"bool": {
"must": [
{
"match": {
"node_stats.node_master": "true"
}
},
{
"range": {
"timestamp": {
"gte": "2025-04-27T11:50:00.000Z",
"lte": "2025-04-27T12:20:00.000Z"
}
}
}
]
}
},
"size": 99,
"sort": [
{
"timestamp": {
"order": "asc"
}
}
]
}
提取特定节点JVM变化情况
GET /.monitoring-es-7-2024.12.27/_search
{
"_source": ["node_stats.jvm","source_node"],
"query": {
"bool": {
"must": [
{
"match": {
"source_node.name": "es-cluster-prd-es-data-3"
}
},
{
"match": {
"type": "node_stats"
}
},
{
"range": {
"timestamp": {
"gte": "2024-12-27T23:30:00.000Z",
"lte": "2024-12-27T23:40:00.000Z"
}
}
}
]
}
},
"size": 99,
"sort": [
{
"timestamp": {
"order": "asc"
}
}
]
}
提取各节点文档数量在故障期间变化情况以确定各节点写入能力
GET /.monitoring-es-7-2024.12.27/_search
{
"_source": ["source_node.name","source_node.timestamp","node_stats.indices.docs.count"],
"query": {
"bool": {
"must": [
{
"match": {
"source_node.name": "es-cluster-prd-es-data-0"
}
},
{
"match": {
"type": "node_stats"
}
},
{
"range": {
"timestamp": {
"gte": "2024-12-27T15:31:00.000Z",
"lte": "2024-12-27T15:35:00.000Z"
}
}
}
]
}
},
"size": 99,
"sort": [
{
"timestamp": {
"order": "asc"
}
}
]
}
