【功能模块】ES功能【操作步骤&问题现象】1、能效告警调用告警的ES搜索引擎，搜索引擎使用报错,开源ES默认查10000条数据，这查询的数据量也太小了啊2、当告警数据超过 了一万多条，我们这该如何处理，有什么好的处理方案吗?【截图信息】【日志信息】（可选，上传日志内容或者附件）顾庆耀/18068848554/guqingyao@chinasoftinc.com

【功能模块】ES功能【操作步骤&问题现象】1、能效告警调用告警的ES搜索引擎，搜索引擎使用报错2、查询数据库太慢，能帮忙定位下是什么原因吗【截图信息】【日志信息】（可选，上传日志内容或者附件）顾庆耀/18068848554/guqingyao@chinasoftinc.com

springboot 使用 java-transport-client 读写 FusionInsight HD 6.5.1 安全模式 ES 6.7.1 ，刚启动服务时可以正常读写 ES ，但过一段时间后就报错，错误堆栈如下认证代码复制于样例已替换下面三个包，请问是否替换正确elasticsearch-transport-clientelasticsearchtransport

【功能模块】【资产管理】【资产列表查询功能】【操作步骤&问题现象】1、资产管理中资产列表，有通过资产编号查询条件，从ES中进行查询，有的记录可以查询出来，有的查询不出，不添加资产编号的条件进行查询，都能查询出来2、查询asset101 就能够查询出来，查询NJJN-4F-222就查询不出来，希望拉会议帮忙解决【截图信息】【日志信息】（可选，上传日志内容或者附件）顾庆耀/18068848554/guqingyao@chinasoftinc.com

【背景】Logstash-OSS受Apache Log4j2远程代码影响:https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476，需要由7.10.1版本升级至解决问题版本7.16.2【问题】logstash.conf:output {  elasticsearch{    hosts => ["https://10.33.27.xxx:9200","https://10.33.27.xxy:9200","https://10.33.27.xxz:9200"]    user => "admin"    password => "xxxxx"    cacert => "xxxxx"    ilm_enabled => false    index => "xxxx-%{+YYYY.MM.dd}"    manage_template => true    template_overwrite => true    template_name => "xxxx_template"  }}华为云CSS服务版本为ElasticSearch 7.6.2版本，升级Logstash-OSS版本至7.16.2后，启动失败：[2021-12-27T09:44:20,042][ERROR][logstash.javapipeline][main]Pipelineerror{:pipeline_id=>"main",:exception=>#<LogStash::ConfigurationError:CouldnotconnecttoacompatibleversionofElasticsearch>,:backtrace=>["/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:247:in blockinhealthcheck!'","org/jruby/RubyHash.java:1415:in each'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:240:in healthcheck!'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:374:in update_urls'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:89:in update_initial_urls'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:83:in start'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client.rb:359:in build_pool'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client.rb:63:in initialize'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client_builder.rb:106:in create_http_client'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:102:in build'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/plugin_mixins/Elasticsearch/common.rb:34:in build_client'","/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch.rb:275:in register'","org/logstash/config/ir/compiler/OutputStrategyExt.java:131:in register'","org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in register'","/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:232:in blockinregister_plugins'","org/jruby/RubyArray.java:1821:in each'","/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:231:in register_plugins'","/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:589:in maybe_setup_out_plugins'","/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:244:in start_workers'","/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:189:in run'","/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:141:in`blockinstart'"],"pipeline.sources"=>["/home/test/conf/logstash.conf"],:thread=>"#<Thread:0x3a3c3828run>"}[2021-12-27T09:44:20,053][INFO][logstash.javapipeline][main]Pipelineterminated{"pipeline.id"=>"main"}[2021-12-27T09:44:20,078][ERROR][logstash.agent]Failedtoexecuteaction{:id=>:main,:action_type=>LogStash::ConvergeResult::FailedAction,:message=>"Couldnotexecuteaction:PipelineAction::Create,action_result:false",:backtrace=>nil}[2021-12-27T09:44:20,188][INFO][logstash.runner]Logstashshutdown.[2021-12-27T09:44:20,201][FATAL][org.logstash.Logstash]Logstashstoppedprocessingbecauseofanerror:(SystemExit)exitorg.jruby.exceptions.SystemExit:(SystemExit)exitatorg.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747)~[jruby-complete-9.2.20.1.jar:?]atorg.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710)~[jruby-complete-9.2.20.1.jar:?]athome.test.logstash.lib.bootstrap.environment.(/home/test/logstash/lib/bootstrap/environment.rb:94)~[?:?]官方ReleaseNode：https://www.elastic.co/guide/en/logstash/7.16/logstash-7-13-0.html从7.11版本开始，ES不再提供ElasticSearch-OSS版本：https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1005Logstash-OSS从7.13.0开始，检查ES license，不再支持对接ElasticSearch-OSS版本，故Logstash-OSS升级至7.16.2后对接失败【解决方案】OpenSearch：https://opensearch.org/OpenSearch is a community-driven, open source search and analytics suite derived from Apache 2.0 licensed Elasticsearch 7.10.2 & Kibana 7.10.2. It consists of a search engine daemon, OpenSearch, and a visualization and user interface, OpenSearch Dashboards. OpenSearch enables people to easily ingest, secure, search, aggregate, view, and analyze data. These capabilities are popular for use cases such as application search, log analytics, and more. With OpenSearch people benefit from having an open source product they can use, modify, extend, monetize, and resell how they want. At the same time, OpenSearch will continue to provide a secure, high-quality search and analytics suite with a rich roadmap of new and innovative functionality.OpenSearch提供Logstash OSS with OpenSearch Ouput Plugin:https://opensearch.org/downloads.html对应Logstash-OSS官方版本+logstash plugin(logstash-output-opensearch：https://github.com/opensearch-project/logstash-output-opensearch)二次打包：https://github.com/opensearch-project/logstash-output-opensearch/blob/main/release/tar/generate-artifact.sh从OpenSearch官方下载：https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-7.16.2-linux-x64.tar.gz，或者通过logstash-plugin安装logstash-ouput-opensearch插件。修改logstash.conf：output {  opensearch{    hosts => ["https://10.33.27.xxx:9200","https://10.33.27.xxy:9200","https://10.33.27.xxz:9200"]    user => "admin"    password => "xxxxx"    cacert => "xxxxx"    index => "xxxx-%{+YYYY.MM.dd}"    manage_template => true    template_overwrite => true    template_name => "xxxx_template"  }}启动成功：

【功能模块】【操作步骤&问题现象】1、2、【截图信息】【日志信息】（可选，上传日志内容或者附件）

HD 6.5.1版本的Elasticsearch 数据如何才能迁移到MRS8.1.2 ？有什么迁移方案，及详细操作步骤？

【操作步骤&问题现象】es中oder排序用到的字段类型是整形，是不是会比较慢？

集群环境是FusionInsight 6.5.1 请问备份ES集群的业务数据后，将ES集群删除后重新安装， 可否用这份备份的数据直接恢复数据到新的ES集群。ES的数据恢复有必须是当前集群的要求吗？

FunsionInsight HD6.5.1版本 请问在一个Manager下面可以安装两套ES集群吗？使用ES2ES工具可否在同一Manager下的两套ES集群间迁移数据？请华为的专家帮忙看看，谢谢。

获取插件包1. 下载最新版本插件源码包：https://github.com/bells/elasticsearch-analysis-dynamic-synonym/2. 解压源码包并进入代码根目录，执行mvn clean package编译打包，到红框的路径下取插件包，上传到实例节点上。 安装插件：1. 使用omm用登录任意esnode1实例主机2. 创建目录 /opt/huawei/Bigdata/FusionInsight_Elasticsearch_8.1.1/install/FusionInsight-Elasticsearch-7.10.2/elasticsearch/plugins/dynamic-synonym3. 将已上传的插件包解压到此目录下4. 修改权限 chmod 600 ./*5. 修改配置文件plugin-descriptor.properties中version为7.10.2 6. 上传词典到 实例配置文件目录/opt/huawei/Bigdata/FusionInsight_Elasticsearch_8.1.1/install/FusionInsight-Elasticsearch-7.10.2/cluster/EsNode1/config/并修改权限chmod 600 synonyms.txt7. 修改文件格式dos2unix synonyms.txt8. 同步以上修改到所有实例9. 重启服务 查看运行日志可以观察到插件和词典加载功能验证：curl -XPUT --tlsv1.2 --negotiate -k -u : "https://192.168.133.3:24100/synonym_test?pretty" -H 'Content-Type: application/json' -d' { "settings": { "index" : { "analysis" : { "analyzer" : { "synonym" : { "tokenizer" : "whitespace", "filter" : ["local_synonym"] } }, "filter" : { "local_synonym" : { "type" : "dynamic_synonym", "synonyms_path" : "synonyms.txt" } } } } } } 'curl -XGET --tlsv1.2 --negotiate -k -u : "https://192.168.133.3:24100/synonym_test/_analyze?pretty=true" -H 'Content-Type: application/json' -d'{ "analyzer":"synonym", "text":"哀愁"}' 词典文件：执行结果：  

docker容器 04部署  docker........................................................................................................ 11.     部署.................................................................................................... 21.1.      nginx............................................................................................ 21.2.      tomcat......................................................................................... 31.3.      ES+kibana................................................................................... 41.4.      可视化........................................................................................ 51.       部署1.1.          nginx搜索 docker search nginx下载 docker pull nginx查看 docker images启动 docker run -d --name nginx01 -p 3344:80 nginx-d后台运行，--name取名，-p指定端口（将容器内80端口映射为外面的3344端口）通过外网访问3344就能访问容器内的80端口的nginx查看 docker ps运行测试 curl localhost:3344docker exec -it 容器id /bin/bash进入容器whereis  nginx 配置文件在/etc/nginxdocker stop 容器id 停止容器配置文件，可以不用进入容器修改？1.2.          tomcatdocker run -it --rm tomcat:9.0官方测试用完即删我们正常逻辑 docker pull tomcat:9.0启动运行 docker imagesdocker run -d -p 3355:8080 --name tomcat01 tomcatdocker exec -it tomcat01 /bin/bash进入容器发现问题，linux命令少了，没有webapps 是阿里云镜像的原因，默认是最小的镜像，把不必要的剔除，保证最小可运行的环境cp -r webapps.dist/* webapps思考 如果每次要进入容器，很麻烦，能不能在外边放置项目，自动同步到内部就好？1.3.          ES+kibanaes暴露的端口很多，es十分耗内存，es数据一般要放置到安全目录，挂载启动elasticserchdocker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.2启动服务器很卡，解决问题查看cpu状态 docker stats关闭es,增加内存的限制curl localhost:9200docker stats发现内存占用量很大docker stop es的id关闭es,增加内存的限制docker run -d --name elasticsearch02 -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx=512m" elasticsearch:7.6.2docker ps查看运行的容器    docker stats查看内存消耗多少curl localhost:92001.4.          可视化portainerdocker图形化界面管理工具，提供后台面板供操作docker run -d -p 8088:9000 \ --restart=always -v /var/run/docker.sock:/var/run/docker.sock --privileged=true portainer/portainercurl localhost:8088内网访问，ip:8088外网访问 选择本地的rancher(CI/CD时候使用)

一、操作系统和软件版本介绍1.操作系统为openEuler 20.03 (LTS-SP1)   可用如下命令查询：[root@1ocalhost ~]# cat /etc/os-release [root@1ocalhost ~]# uname -i2.JDK依赖   安装ElasticSearch需要Java，因此在安装ElasticSearch之前需要先安装JDK。openEuler 20.03 (LTS-SP1) 默认没有安装JDK环境，需要自己自行安装。 这里安装JDK环境做简单说明，请开发者自行安装。[root@1ocalhost ~]# yum install java输入Y确认  查看JDK版本[root@1ocalhost ~]# java -version openjdk version "1.8.0_242" OpenJDK Runtime Environment (build 1.8.0_242-b08) OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)二、详细安装步骤     下载elasticsearch[root@1ocalhost ~]# cd /opt/ [root@1ocalhost opt]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.5.1-linux-x86_64.tar.gz  解压[root@1ocalhost opt]# tar -zvxf elasticsearch-7.5.1-linux-x86_64.tar.gz   启动  elasticsearch不需要特别的配置，只需要启动即可。 elasticsearch不能以root账户启动，所以需新建一个用户启动。[root@1ocalhost opt]# useradd es [root@1ocalhost opt]# chown -R es:es /opt/elasticsearch-7.5.1  切换到es用户：su es后台启动[es@1ocalhost opt]$ cd elasticsearch-7.5.1 [es@1ocalhost elasticsearch-7.5.1]$ bin/elasticsearch > elasticsearch.log 2>&1 & [1] 53805 [es@1ocalhost elasticsearch-7.5.1]$ 启动完成后，可使用命令curl http://localhost:9200  验证服务是否开启成功标签：Elasticsearch 云日志服务 LTS

kafka

【操作步骤&问题现象】ES 6.7.1线下版本集群，是否支持索引分片，副本放置集群外节点？是否建议此操作理由是什么？FI是否有实现案例？# curl -XPOST "http://ESnode:9200/_cluster/reroute" -d '{ "commands" : [ {"move" : {"index" : "ops", "shard" : 4, "from_node" : "es_node_one", "to_node" : "es_node_two"}}, {"cancel" : {"index" : "ops", "shard" : 0, "node" : "es_node_one"}} ] }'或者类似于开源ES CCR的功能实现 主备集群